Systematic Review on Identification and Prediction of Deep Learning-Based Cyber Security Technology and Convergence Fields

Abstract

Recently, as core technologies leading the fourth industrial revolution, such as the Internet of Things (IoT), 5G, the cloud, and big data, have promoted smart convergence across national socio-economic infrastructures, cyber systems are expanding and becoming complex, and they are not effective in responding to cyber safety risks and threats using security technology solutions limited to a single system. Therefore, we developed cyber security technology that combines machine learning and AI technology to solve complex problems related to cyber safety. In this regard, this study aims to identify technology development trends to prevent the risks and threats of various cyber systems by monitoring major cyber security convergence fields and technologies through the symmetrical thesis and patent analysis. Because thesis information can explain the superiority of technology and patent information can explain the usefulness of a technology, they can be effectively used for analyzing and predicting technology development trends. Therefore, in this study, latent Dirichlet allocation is applied to extract text-document-based technical topics for the symmetrical thesis and patent information to identify security convergence fields and technologies for cyber safety. In addition, it elucidates cyber security convergence fields and technology trends by applying a dynamic topic model and long short-term memory, which are useful for analyzing technological changes and predicting trends. Based on these results, cyber security administrators, system operators, and developers can effectively identify and respond to trends in related technologies to reduce threats, and companies and experts developing cyber security solutions can present a new security approach.

1. Introduction

The scale of cyber systems is increasing as cyberspace in various fields has rapidly converged, owing to the practical use of innovative technologies that lead the fourth industrial revolution such as IoT, cloud computing, big data, 5G, robots, and drones based on artificial intelligence. Accordingly, as various advanced technologies converge to cyber systems, dangerous fields and factors that cause serious security threats as well as conditions and actions have become extremely complex [1].

It is not effective to minimize cyber safety risks using conventional security technology approaches that focus on specific security issues in individual cyber systems or sectors [2]. It is crucial to focus on the common cyber safety issues shared by cyber sectors and systems across industries [3].

Therefore, cyber safety management, which reduces major risk factors by achieving security technology convergence in the core field of the fourth industrial revolution, has been emphasized [4]. Recently, an integrated security solution that can solve these complex cyber security problems has been developed [5,6,7,8,9,10,11].

With the development of the fourth industrial revolution, the era of “super-connection” has arrived, in which information technology (IT), physical (physical), manufacturing operation (OT), and Internet of Things (IoT) systems, which were previously operated in different networks, are connected to each other. Although the core technologies that led to the fourth industrial revolution, such as IoT, big data, artificial intelligence, and cloud computing, are advancing our lives, the scope of cyber threats is gradually expanding and increasing, and attacks that cross different industries or systems occur every year [12,13,14,15]. Therefore, a new security paradigm is required to respond to such complex threats.

Cyber security, such as information security, aims to ensure confidentiality, integrity, and availability [16]. The types of attacks that threaten cyber security goals continue to evolve as technology advances, causing significant problems in our lives, and they will have a greater impact in the future. To solve this problem, international standards related to cyber security and research on various cyber security technologies are in progress [17,18,19]. International standards related to cyber security are being established based on the ISO/IEC 27000 series, known as information security management systems. ISO/IEC 27000, and related organized information is shown in Table 1.

Table 1. Leading international cyber security standard.

International Standard for Cyber Security	Contents	Status
ISO/IEC 27100	Information technology—Cyber security—Overview and concepts	WD
ISO/IEC 27101	Information technology—Security techniques—Cyber security—Framework development guidelines	WD
ISO/IEC 27102	Information security management—Guidelines for cyber insurance	IS
ISO/EIC 27103	Information technology—Security techniques—Cyber security and ISO and IEC Standards	IS (TR)
ISO/EIC 27032	Information technology—Security techniques—Guidelines for cyber security	IS (Under revision)

ISO/IEC 27100 [20] contains general concepts on cyber security and definitions related to cyber security used in various standards, and ISO/IEC 27101 [21] contains guidelines for developing and implementing cyber security frameworks in organizations. ISO/IEC 27102 [22] includes guidelines for introducing cyber insurance as a measure for managing the impact of cyber incidents within an organization, and ISO/IEC 27103 [23] contains information on how organizations can systematically manage cyber security by utilizing cyber security frameworks based on information security standards.

ISO/IEC 27032 [24] contains an overview of cyber security, relationships between cyber security and other types of security, definitions of stakeholders and roles in cyber security, as well as guidelines for addressing general cyber security issues. These standards prevent unintended cyber risks and eliminate threats based on technical and engineering solutions [25]. Therefore, understanding technology convergence enables cyber security technicians and administrators to plan, develop, and maintain cyber security systems according to various standards [26].

Checkpoint, the world’s largest security solution company, based on the changes in cyber security incidents over the past decade by era, as shown in Figure 1, with the WannaCry attack that occurred in April 2017 as a boundary, is predicted as the process of transitioning from the time period to the fifth-generation security period [27]. The development of next-generation security technology can form the core of next-generation technology development to respond to mega-attacks against vulnerabilities in hyperconnected IT systems in real time. The implementation of the concept of zero trust or SOAR, which goes through an ID verification process before granting access rights to all objects that want to access the system, will become the center of the development of the fifth generation of cyber security technology.

Figure 1. Evolution process and characteristics of cyber security technology by generation.

Despite the importance of these cyber security standards and technological improvements, most previous studies have been limited to the development of individual security technology solutions by security technology experts or technology improvements related to the security management tasks of system administrators [28,29]. Conversely, various studies have been trying to identify research trends in cyber security technology based on empirical analysis of academic papers, patents, and technical reports [30,31]. However, the perspective of policy and management in terms of technological innovation for monitoring cyber security convergence fields and technology has not been sufficiently considered in academia and practice in the field of cyber security. To design a cyber system by predicting the requirements of cyber security convergence fields and technologies, research to understand the important trends in cyber security convergence fields and technologies is essential [32,33]. By identifying key cyber security convergence areas and technologies, policymakers can plan a holistic roadmap for related industries and cyber security [34,35]. In addition, monitoring technology trends in the field of cyber security enables cyber security managers, system operators, and developers to introduce effective and useful technologies for the development or operation of reliable and robust cyber systems.

Therefore, this study aims to monitor the main fields of cyber security technology and identify the convergence fields for its development. This objective can be achieved by analyzing papers and patents. Papers contain experimentally proven knowledge and skills, whereas patents contain practical technologies based on scientific principles; therefore, it is more efficient for meaningful empirical analysis [36,37]. Thus, the analysis of papers and patents is a useful way to provide an overview of the novelty and innovativeness of various technologies in the field of cyber security.

This study extracts and analyzes major keywords in cyber security convergence fields and technologies by focusing on probabilistic topic model techniques based on text analysis of papers and patents. Therefore, this study applies a systematic approach to applying these three techniques. First, the main topics and key keywords were extracted from papers and patents using the latent Dirichlet allocation (LDA) algorithm, which can estimate both the distribution of keywords by topic and the distribution of topics by document [38,39]. The extracted topic identifies the cyber security field composed of related technology keywords and derives the cyber security convergence field based on the connected keywords for each field. These results provide information that can be used to identify threats and risks in the new cyber security field.

Second, we analyze changes in cyber security convergence fields and technologies using the dynamic topic model (DTM) algorithm, which can analyze the changes in topics according to time series [40,41]. By monitoring the trends in the cyber security field and convergence field over time, the continuity of the convergence, new convergence, and non-convergence fields are extracted. These results can provide a clear overview of technological progress in cyber security as well as help researchers and practitioners examine emerging cyber security technologies and convergence issues.

Third, we predict trends in cyber security convergence fields and technologies using the long short-term memory (LSTM) algorithm, which can predict future data by considering not only previous data but also macroscopic past data [42,43]. The future development trend of the cyber security convergence field and technology is predicted based on the analysis of changes in the cyber security field and technology using the keywords connected by each cyber security convergence field. Additionally, we predicted the degree of binding and aggregation of the convergence field. These results suggest a novel security approach in cyber security and, in the long term, provide evidence for planning a technology roadmap.

The remainder of this paper is organized as follows: In the Introduction, the background of this study and the importance of identification and prediction of cyber security technology and convergence fields were mentioned. Additionally, three core research approaches based on deep learning were introduced. In Section 2, we examine ICT strategic and cyber security technology trends to derive cyber security technology convergence fields, cyber security keywords, and security areas. In addition, the contributions, discussion, and insights of this study are emphasized. Section 3 introduces the data collection method used in this study, and the cyber security technology and deep learning algorithms for convergence identification and prediction are described in detail. Section 4 describes the processed experimental data in detail and explains the recent cyber security trend analysis, cyber security keyword extraction, and domain identification analysis processes based on deep learning. In addition, trends in the convergence field were analyzed based on the extracted keywords and areas. Section 5 analyzes and predicts trends in the cyber security convergence area by extracting connection keyword information through in-depth analysis of the cyber security convergence area and applying it to a deep learning algorithm. Finally, the insights and limitations of this study and future research directions are presented in the conclusion.

2. Cyber Security Technology Convergence

2.1. ICT Strategic Technology Trend

To identify the cyber security convergence field and the related core technologies and conduct research to suggest future cyber security technology convergence directions, it is necessary to understand the trends in ICT technology to which cyber security technologies are applied and utilized. The 10 strategic technologies that Gartner, a global IT research firm, announces every year are representative trend predictions that predict how the IT industry will change [44]. Table 2 summarizes Gartner’s forecasts for the top 10 IT strategic technologies from 2011 to 2020.

Table 2. Gartner IT top 10 strategic technologies for 11 years (2011–2020).

2010	2011	2012	2013	2014	2015	2016	2017	2018	2019	2020
Cloud Computing	Cloud Computing	Media Tablets and Beyond	Mobile Device Battles	Mobile Device Diversity and Management	Computing Everywhere	The Device Mesh	AI and Advanced Machine Learning	AI Foundation	Autonomous Things	Hyperautomation
Virtualization for Availability	Mobile Applications and Media Tablets	Mobile-centric Applications and Interfaces	Mobile Applications and HTML 5	Mobile Apps and Applications	The Internet of Things	Ambient User Experience	Intelligent Apps	Intelligent Apps and Analytics	Augmented Analytics	Multiexperience
Reshaping the Data Center	Social Communications and Collaboration	Social and Contextual User Experience	Personal Cloud	The Internet of Everything	3D Printing	3D Printing Materials	Intelligent Things	Intelligent Things	AI-Driven Development	Democratization of Expertise
IT for Green	Video	Application Stores and Marketplace	Internet of Things	Hybrid Cloud and IT as Service Broker	Advanced, Pervasive, and Invisible Analytics	Information of Everything	Virtual and Augmented Reality	Digital Twin	Digital Twins	Human Augmentation
Client Computing	Next-Generation Analytics	The Internet of everything	Hybrid IT and Cloud Computing	Cloud/Client	Context-Rich Systems	Advanced Machine Learning	Digital Twin	Cloud to the Edge	Empowered Edge	Transparency and Traceability
Mobile applications	Social Analytics	Next-Generation Analytics	Strategic Big Data	The Era of Personal Cloud	Smart Machines	Autonomous Agents and Things	Blockchain and Distributed Ledgers	Conversational Platformst	Immersive Experience	The Empowered Edge
Advanced Analytics	Context-Aware Computing	Big Data	Actionable Analytics	Software-Defined Anything	Cloud/Client Computing	Adaptive Security Architecture	Conversational System	Immersive Experience	Blockchain	Distributed Cloud
Social Computing	Storage Class Memory	In-Memory Computing	Mainstream In-Memory Computing	Web-Scale IT	Software-Defined Applications and Infrastructure	Advanced System Architecture	Mesh App and Service Architecture	Blockchain	Smart Spaces	Autonomous Things
Security—Activity Monitoring	Ubiquitous Computing	Extreme Low-Energy Servers	Integrated Ecosystems	Smart Machines	Web-Scale IT	Mesh App and Service Architecture	Digital Technology Platforms	Event Driven	Digital Ethics and Privacy	Practical Blockchain
Flash Memory	Fabric-Based Infrastructure and Computers	Cloud Computing	Enterprise App Stores	3D Printing	Risk-Based Security and Self-Protection	Internet of Things Platforms	Adaptive Security Architecture	Continuous Adaptive Risk and Trust	Quantum Computing	AI Security

To obtain a more meaningful look at Gartner’s announcement, we need to look at the trends in technology that changed over the past 11 years, not just what we have picked as strategic technologies for the next year. That is, the period for which a particular technology is included in the Gartner’s top ten technologies depends on the period in which the technology takes root, and some technologies disappear within a short period of time after being selected or reappearing over the years. IT trends, such as artificial intelligence, robots, 5G, drones, interactive platforms, immersive media, and blockchain, seem to be different technologies, but technologies will be connected and intelligent in the era of the fourth industrial revolution; therefore, it is necessary to look at them in connection. For instance, as IT technologies have a very close interrelationship, the security technologies of cyber systems to which IT technologies are applied also emphasize new ultra-security to which various types of convergence security technologies are applied.

2.2. Cyber Security Technology Trends

When estimating next-generation security technologies, it is useful to utilize the hype cycle developed by Gartner, as shown in Figure 2. The cycle consisted of five phases: technology trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. The next-generation security technology area is mainly located in the first, the technology trigger, and second stages, the peak stage of expectations [45].

Figure 2. Gartner’s risk management criteria for next-generation security technology area prediction.

As a result of analyzing the above data, next-generation security technology is an integrated cyber security technology that can respond to mega-attacks targeting all areas of cyber security in real time to realize the safety, reliability, and resilience of a hyper-connected platform based on IoT and 5G. Technological development can proceed with the goal of cyber risk management.

Therefore, from the development of security-equipment-centered technology that has been mainstream up to the fourth generation of security, using AI-related techniques such as deep learning to proactively respond to the evolution of attackers (predictive intelligence) and abnormal behavior through the automatic learning of normal behavior, behavioral analytics/anomaly detection that detects behavior, automated security that protects and processes large volumes of traffic from endpoints, deception security that responds to mutant viruses and zombies, and low-risk unnecessary dark data identification technology that automatically deletes data can form the mainstream of next-generation security technology development.

In addition, at the national level, in preparation for the evolution of cyber-attacks that are systematic and intentionally attempted to create social chaos or steal state secrets, the cyber kill chain, a so-called cyber-strike cycle, is a concept that blocks threats applied at each stage of attack in advance. Cyber kill chain technology and security rating services (SRS) for the security supply chain could be actively studied. To actively respond to the uncertain and dynamic changes in future, it is essential to strengthen forecasts for the future and establish a strategy based on the results. Therefore, it is important to identify future-oriented cyber security convergence fields and technologies.

2.3. Field of Cyber Security

In this study, the cyber security field was derived based on the Gartner’s IT strategy technology trend in Section 2.1 and the Gartner’s hype cycle in Section 2.2. First, key keywords related to the 10 strategic technologies selected from the IT trends by year from 2010 to 2020 were derived. As introduced in Section 2.1, Gartner selects and announces 10 trend keywords expected to appear in the next year under the name of “Top 10 Strategic Trends” in October every year. The 10 strategic trends are based on analysts’ analysis, and the final 10 trend keywords are determined by considering the interests of the company and its customers. In the early stages of the study, we attempted to select a “10 trends” similarly to Gartner, but authors and experts gathered to line up dozens of keywords and compress the trends through regular online meetings and several offline meetings to extract more optimal trends. The strategic technologies and keywords derived from the top ten strategic technologies in 2019 are listed in Table 3 [44].

Table 3. Strategic skills and keywords.

Strategy Technology	Keyword
Artificial intelligence	Big Data, Artificial Intelligence, Machine Learning, Deep Learning
5G	ALL IP, Network Slicing, Network Neutrality, Cord-cutting
Robot	Artificial Intelligence, Smart Factory, Human–Robot Collaboration, Humanoid
Drone	Quadcopter, 4 Channels, Calibration, Hovering, Flight Controller
Interactive platform	Smart Secretary, Natural Language Processing, Amazon Skills, Corpus, Chatbot Builder
Realistic media	Realistic Media, Virtual Reality, Augmented Reality, Mixed Reality
Blockchain	Distributed Ledger Technology, Blockchain, Initial Coin Offering, Byzantine Generals Problem, Consensus Algorithm, Oracle Problems

Based on the compressed strategic technology trends listed in Table 3, we first classified the major categories, middle classes using the technology names of the hype cycle from 2016 to 2019, and finally sub-classifications using the relevant detailed technology names (keywords). For instance, as summarized in Table 4, network security is set as a major classification essential for “artificial intelligence”, “5G”, and an “interactive platform” strategic technology, and it is classified as a medium classification using “cloud security assessments”, the technology name of the 2019 hype cycle. Select “Cloud Security”. In addition, when mapping topics extracted from future research experiments, “virtualization platform security”, cloud security services, and “software-defined security” are specified as sub-categories for the comparison of related keywords.

Table 4. Cyber security field.

Main Category	Middle Category	Small Category	Hype Cycle Technology Name
Network Security	Wired network security	Perimeter security	IDPS
		Secure connection
		DDoS response
	Wireless network security	Mobile communication network security	Mobile Threat Defense
		Wireless local area network security
	Cloud security	Virtualization platform security	Cloud Security Assessments
		Cloud security service
		Software defined security
Data and application service security	Application security	Web security	Secure Web/Gateways
		Email security
		Database security
	Data security	Privacy protection	Data Loss/Prevention
		Data leakage prevention
		Digital copyright infringement/right protection
	E-money, Fintech security	E-money security	The Programmable/Economy
		Blockchain security
		Electronic transaction/abnormal behavior detection
		Prevention of transactions and fraud
	Digital forensics	Digital Evidence/Collection and Analysis	E-Discovery Software
		Anti-Forensic Response
Physical Security	Human/bio-recognition	Biometric sensor	Biometric/Authentication/Methods
		Biometric engine
		Human recognition and search
		Human/bio-recognition application
	CCTV surveillance/control	Camera and storage device	Video/Image Analytics
		VMS/integrated control
		Intelligent video surveillance
		CCTV infrastructure protection
	Secure search and unmanned electronic guard	Interpersonal Search Machine
		Luggage/Luggage Finder
		Alarm monitoring
		Unmanned electronic security service
System and password security	Cryptographic technique	Password design	Database Encryption
		Cryptographic side channel analysis
		Password analysis
	Certification/authorization technique	Universal authentication	Externalized Authorization Management
		ID management and access control
		Bio certification
	Security vulnerability	SW vulnerability analysis	Vulnerability Assessment
		HW vulnerability analysis
	System security	Operating system security	Data Loss Prevention
		Virtualization security
		System access control
	Malware	Malware response	DLP for Mobile Devices
		Ransomware response
	Threat analysis and control	Intelligent cyber threat analysis	SIEM
		Security information analysis and log management
		Security control
IoT Security	Home city security	Home City Device Security and Control	Smart City Framework
		Home City Data Privacy
	Industrial control system security	Smart factory security	Operational Technology Security
		Infrastructure security
		Smart energy security
	Vehicle security	Communication security inside and outside the vehicle	Mobile Device Integration Into Automobiles
		Access control inside and outside the vehicle
		Car intrusion detection
		Vehicle security vulnerability diagnosis
	Ship, ocean, and air security	Prevention of hacking of autonomous ships	Autonomous Vehicles
		Shipping port communication security
		Marine infrastructure security control
		Unmanned vehicle security
		Aviation infrastructure security control
	Healthcare, Medical security	Healthcare device/sensor security	Real-Time Health System Command Center
		Medical data security and sharing
	Other ICT security	Artificial intelligence and robot security	IoT Securities

The cyber security areas derived based on keywords derived from IT strategy technology from 2010 to 2020 and keywords mentioned in the hype cycle are summarized in Table 4.

The final cyber security domain derived, as summarized in Table 4, was divided into five major categories, 22 medium categories, and 65 small categories. In this study, using keywords in topics extracted from papers and patents, the topics were mapped to the cyber security areas in Table 4.

2.4. Contribution, Discussion, and Insights from This Study

The contributions of this study are as follows:

First, it monitors key cyber security convergence fields and technologies to provide practical insights to companies and experts for developing cyber security solutions. This is the first approach to understanding the types of cyber security technology convergence fields and the changes in the development of cyber security technology.

Second, by visualizing cyber security convergence fields and technologies, it monitors the core technologies that are being developed, mainly for cyber security.

The main discussions of this study are as follows:

First, according to the cyber security convergence trend, cyber security technology is mainly being developed in the fields of home city, wireless network, application, authentication/authorization technology, wired network, security vulnerabilities, threat analysis, and control. Cyber security technology is directly or indirectly related to cyber security administrators as well as system operators and developers.

Second, this study shows core cyber security technologies based on keywords extracted from papers and patents; however, detailed technical specifications for safety innovation are not mentioned. To provide more implications for cyber security managers and technology researchers, individual characteristics such as author information, number of citations, citation relationship, commercialization, institution, and country of papers and patents should be examined. If these studies are supported, more accurate and specific results for each cyber security field can be derived in future studies.

Third, trend prediction for cyber security convergence fields and technologies can be used to prevent and solve the security problems of various cyber systems used in ICT and related industries. When the risk keywords extracted from the cyber safety accident report are used together, new insights can be obtained to discover and predict new cyber security technologies that can solve not only actual security problems but also various security problems that may occur in the future.

The insight of this study is that understanding changes and trends in the field of cyber security convergence is the most efficient way to respond to cyber security threats and risks proactively, and it is crucial in the development of next-generation cyber security technologies.

3. Research Methodology

3.1. Introduction to the Research Process

In this study, papers published for 11 years (2010–2020) and patents in the information security field were collected from four major societies (ACM CCS, Usenix Security, IEEE Security & Privacy, and NDSS) that boast the highest authority in the field of information security. Through the developed web crawler, metadata including title, author, abstract, publication year, thesis, and patent files were collected. Accordingly, approximately 4200 papers and 3100 patents were collected as experimental subjects.

In this study, major topics and key keywords were extracted from the collected papers and patents, and the cyber security field was derived. Based on keywords connected by field, it analyzes changes in cyber security convergence fields and technologies over time to monitor newly emerged convergence fields and convergence fields that have continued or disappeared. Finally, the cyber security convergence field and technology trends were predicted through an analysis of the convergence field and technology trends. To conduct such a rational study, we analyzed various existing technology prediction methodologies and applied them to our experiments by optimizing them.

In terms of technology, the advantage of this study is that it utilizes the latest deep learning technologies, such as LDA, DTM, and LSTM, which will be introduced next. In general, the Delphi method, which listens to the opinions of experts, is used to predict the future of science and technology, but the accuracy is not high at approximately 30%. Using self-learning AI deep learning technology, the network structure information, keywords, and research fields of each technology group were digitized. Based on the deep learning future prediction model created in this way, it is possible to derive cyber security technology and show a high level of prediction accuracy.

3.2. Deep Learning Algorithm for Identification and Prediction of Cyber Security Technology and Convergence Fields

Technological forecasting methods have been developed in various forms, depending on the purpose of forecasting, the scope of forecasting, the nature of technology, and the degree of data accumulation. Recently, rather than using each method individually, a form of using a mixture was developed, and the method was modified and optimized according to the subject of use. The following introduces the algorithms (LDA, DTM, and LSTM) used as text-analysis-based probabilistic topic model techniques applied to actual research experiments in this study.

LDA is a topic-modeling technique for detecting potential topics for a given large number of documents. LDA clusters documents by using hidden topics. LDA assumes that documents contain one or more topics, selects the nth word from each document, and has the largest multiplication value of the probability distribution of the topic for the document containing that word, and the probability distribution of the word for the topic is assigned to the nth word. That is, LDA is a probabilistic model for which topics exist in each document for a given document, and the schematic diagram is shown in Figure 3.

Figure 3. Schematic of LDA.

In Figure 3, the probabilities that the words attack, privacy, and detection appear in the yellow topic are 0.04, 0.02, and 0.01, respectively, indicating that it is an information-security-related topic. Because the proportion of words corresponding to yellow topics is greater than that corresponding to blue and red topics in each document, the main topic of the document is likely to be a yellow topic (related to information security). The LDA is a useful method in natural language processing, such as classification, summary, similarity, and relevance judgment.

LDA has been used in fields related to academic literature analysis, and attempts to use topic modeling for trend analysis have increased since then. A representative example is the DTM. Figure 4 shows a schematic of the DTM.

Figure 4. Schematic of DTM.

The DTM is a probabilistic time-series model for analyzing the evolution of subjects over time. For instance, in the case of LDA, assuming that there is a document set created between 2016 and 2020, the entire document set is first divided into five sets by year to analyze the subject change over the five years. If the number of topics is designated as 10 and LDA topic modeling is performed for each year, 50 (5 × 10) topics are derived. However, it is impossible to analyze trends, because all 50 derived topics may differ. Therefore, for trend analysis, it is necessary to show that themes are connected and change by year. That is, the nth theme of 2018 should be similar to that of 2017. The DTM adds the condition that the topics of the current year are similar to those of the previous year; therefore, the proportion of literature belonging to the topic and how the topic changes over time.

Because conventional neural networks currently only consider the input data, a recurrent neural network (RNN) has emerged to process continuous data. An RNN is an artificial neural network for learning data that changes over time, such as time-series data, and the present result is related to the previous result because it recursively refers to past output data. However, learning ability is significantly reduced when the distance between the information related to the past and the point where the information is used is long. To overcome this problem, long short-term memory (LSTM) was devised by adding the cell-state to the RNN’s state. Figure 5 shows the network structure of the LSTM.

Figure 5. LSTM network architecture.

Figure 5 shows the overall network structure of the LSTM, which consists of four gates. The forget gate decides which information to forget from the hidden state information of the previous step, and the input gate decides which information to store. That is, it determines how much of the value of the previous cell state is reflected in the value of the current cell state. The value determined by the forget gate and the input gate is updated from the previous cell state to the new cell state in the update gate. Finally, the output gate determines the value to transfer to the hidden state of the next stage from the finally obtained cell state value. These LSTMs exhibit good performance in predicting time-series data by solving the long-term dependency problem.

In this study, LDA was used to extract major topics (areas) and key keywords (techniques), DTM was used to analyze changes in topics and keywords, LSTM was used to predict trends of topics and keywords that were optimized for collected papers and patents, and research experiments were conducted.

4. Research Experiments

4.1. Experimental Data

In this research experiment, the 2010–2020 papers from four major societies (ACM CCS, Usenix Security, NDSS, IEEE Security & Privacy), which boast the highest authority in the field of information security, and patents collected through keyword searches in various security fields were utilized. Approximately 1600 papers from the ACM CCS conference, 800 papers from the Usenix Security conference, 600 papers from the NDSS conference, and 1200 papers from the IEEE Security & Privacy journal were collected. Additionally, approximately 3100 pieces were collected. In addition, related metadata were collected. Table 5 presents specific information and examples of metadata for the collected papers and patents.

Table 5. Examples of papers and patent information as well as metadata.

Type		Conference and Journal Scope and Patent Search Keywords
Paper Scope	ACMCCS	Cryptography, formal methods and theory of security, security services, intrusion/anomaly detection and malware mitigation, security in hardware, systems security, network security, database and storage security, software and application security, human and societal aspects of security and privacy, etc.
	Usenix Security	System security, network security, security analysis, data-driven security and measurement studies, privacy-enhancing technologies and anonymity, language-based security, hardware security, social issues and security, applications of cryptography, etc.
	NDSS	Cyber-crime defense and forensics, security and privacy for blockchains and cryptocurrencies, security for cloud/edge computing, security and privacy of mobile/smartphone platforms, security for cyber–physical systems, security and privacy of systems based on machine learning and AI, etc.
	IEEE Security & Privacy	Application security, attacks and defenses, authentication, blockchains and distributed ledger security, cloud security, cyber physical systems security, distributed systems security, embedded systems security, forensics, etc.
Patent Search Keywords		Application security, authentication technique, cloud security, cryptographic technology, digital forensics, home city security, ICT security, industrial control system security, malware, threat analysis and control, wireless network security, etc.
Example of Metadata of Paper and Patent		Title	Finding File Upload Bugs via Penetration Testing
		Author	Taekjin Lee, Seongil Wi, Suyoung Lee, Sooel Son
		Abstract	An Unrestricted File Upload (UFU) vulnerability is a critical security threat that enables an adversary to upload her choice of a forged file to a target web server.
		Date	9 November 2020
		File	NDSS2020_17.pdf

4.2. Cyber Security Related Papers and Patent Trend Analysis

Cyber security technology is rapidly advancing daily, and the rationale for this is presented through conferences, journals, and patents. Therefore, continuous monitoring of these major papers and patents is essential for identifying and analyzing the technological development and research direction of the research community of leading global countries. The recent changes in the number of papers and patents per year in the cyber security field are shown in Figure 6.

Figure 6. Cyber-security-related papers and patent trends.

As shown in Figure 6, except for 2020, the number of papers and patents has continued to increase. This suggests that the importance of technology development and related research on cyber security has been steadily maintained over the past 11 years. However, the decrease in the number of patents in 2019 could be because it takes some time from application to registration for patents, and the slight decrease in the number of papers and patents in 2020 is attributed to COVID-19. Therefore, the number of papers and patents in 2020 should be viewed from a relative point of view rather than interpreted as an absolute number. Through such monitoring, we can estimate the direction of the advancement of future cyber security technology, and it can be used to predict the commercialization potential and timing of the technology.

4.3. Cyber Security Keyword Extraction and Domain Identification

The keywords for each topic of the thesis and patents from 2010 to 2020 extracted using the LDA algorithm are summarized in Table 2. Keywords in these topics can provide detailed descriptions of papers and patents. Therefore, the subject of this thesis and patent documents can be derived from the technical keywords extracted from the LDA algorithm. In this case, unnecessary keywords are automatically removed by the technical stop word dictionary in the text mining process, which is the preprocessing stage of the LDA algorithm. Table 6 summarizes examples of the top 10 keywords by recent papers and patent topics in 2020.

Table 6. Examples of keywords by LDA papers and patent topics (2020).

Paper Topic	Keywords	Patent Topic	Keywords
Topic 1	strategy, vulnerability, payment, crash_report, merchant, circumvention, algorithm, flash, card, attack	Topic 1	merchandise, patient, file, method, item, clinician, device, includes, base, programming
Topic 2	cache, extension, server, device, packed, defense, packing, chaperone, blacklist, compliance	Topic 2	security, data, programmable, code, switching, cloud, metadata, home, physical, vulnerability
Topic 3	access, speech, attack, service, webassembly, device, macao, keyvalue, oram, delegation	Topic 3	medical, threat, payment, data, binary, device, rolling, vehicle, healthcare, provisioning
Topic 4	unpublished_manuscript_inclusion_upcoming, prospective_author_requested_submit, event_described_paper, manager, keyless_entry, project, genetic, custos, phmon, finauth	Topic 4	token, resource, control, server, node, characteristic, packet, message, network, monitoring
Topic 5	coverage, collision, stealthy, impact, investigation, document, protection, accident, vulnerability, malware	Topic 5	provider, platform, identity, service, network, subscriber, policy, security, layer_signaling, application
Topic 6	firmware, isolation, grid, revocation, inverter, system, preview, attack, sender, email	Topic 6	droplet, related, analyte, molecule, portion, commitment, quality, warm, performance, constraint
Topic 7	skill, functional, dongle, uiscope, block, mining, ecommerce, conversation, unsolicited, privacy sensitive	Topic 7	module, extracted, registered, evidence, verification, set, copy, card, sending, artifact
Topic 8	allegation, trusted, poisoning, twitter, label, path, sealer, tkperm, package, escrow	Topic 8	credential, image, pixel, administrative, standard, digital, private, encoded, region, portion
Topic 9	advice, droplet, filtering, netwarden, database, packet, besfs, seal, covert, intelligence	Topic 9	domain_name, training, score, accelerator, test, model, legitimate, train, learning, target
Topic 10	plane, censor, upload, proxy, nonce_leakage, vulnerability, fuzzing, ecdsa, enclave, trip	Topic 10	authentication, radar, principal, computing, advanced, weather, banking, login, mobile, surveillance

As summarized in Table 6, the topic was determined by mapping the keywords for each topic extracted from the papers and patents for each year to the cyber security area derived based on the IT strategy technology and hype cycle in Section 2.3. It may be difficult to classify papers and patents that contain technical keywords into specific fields because general keywords that describe cyber security technologies may be included in this process. In this case, subject classification was performed while manually analyzing the thesis and patent with an expert. As this is the first study to identify the cyber security convergence field and technology, the cyber security field was finally specified with the help of experts after targeting as many and various keywords as possible. Table 7 summarizes the topic mapping results of papers and patents by year according to cyber security area. To view the topic tendency of the thesis and patents together, topics extracted from the thesis are indicated in red and topics extracted from patents are indicated in blue.

Table 7. LDA’s cyber security field mapping.

Main Category	Middle Category	2010	2011	2012	2013	2014	2015	2016	2017	2018	2019	2020
Network Security	1. Wired network security	T3	T7 T3	T1, T10		T4		T7	T1	T1	T7	T2 T3
	2. Wireless network security	T5, T6	T1, T3	T3, T5 T3, T4, T10	T1, T8 T2, T3, T6	T4 T2, T3, T8	T3 T3, T8	T9 T4, T9	T1, T2, T8	T2, T7 T8, T10	T1 T1, T5, T8, T10	T9 T5
	3. Cloud security	T5, T8, T3 T2	T2, T6, T7 T2, T4	T2, T3, T10 T2, T4	T2, T4 T3, T6, T9	T5, T6, T7 T4, T5, T6, T7	T6 T2, T4	T7, T8 T1, T7	T2, T5 T3, T7	T3, T4, T5, T8	T6, T7	T3, T5 T2
Data and application service security	4. Application security	T1, T7, T3	T5	T1, T2, T6, T4, T8	T5, T6, T7, T8, T2, T4, T9	T5	T1, T2, T7 T4, T10	T10 T1, T7	T1	T4	T1 T4	T2, T6 T2
	5. Data security	T2, T4		T4 T3	T10	T8, T10	T8, T9 T8	T1 T7	T7	T3	T2, T3	T4 T2, T6, T7
	6. E-money, Fintech security	T4, T10, T1, T10		T7 T1, T2, T3, T6	T5 T2, T10	T1	T4, T10 T9	T10 T3	T3, T10 T9	T6, T7, T8 T1, T3, T4	T2, T7, T10 T1, T3, T4, T8	T2, T7
	7. Digital forensics	T3		T4		T9		T3, T5			T9	T3, T10
Physical Security	8. Human/bio-recognition	T2, T8	T10	T4, T7	T2	T2			T9	T9 T9, T10		T3, T9 T10
	9. CCTV surveillance/control	T4, T7, T9				T6, T7	T7	T2
	10. Secure search and unmanned electronic guard	T3, T5, T9	T8, T10	T1	T2, T4	T2, T9	T1, T4, T7	T10	T10	T7	T7	T4
System and password security	11. Cryptographic technique		T9	T4	T2	T3	T7 T5	T6	T2	T3, T10	T3, T5, T9 T9	T8
	12. Certification/authorization technique	T8	T3, T5 T1, T7	T1 T7	T3, T9 T7	T4, T6 T1, T8, T9	T7 T9	T1 T2	T4, T6, T7, T9 T3	T2, T4, T9 T4, T7	T3, T6	T4, T9 T8, T10
	13. Security vulnerability	T6	T4, T6, T7 T2, T9	T8, T10	T1, T2, T4, T5, T1, T4, T7	T1, T2 T4	T5	T5 T4, T6	T9 T4	T1, T5 T2, T5	T2, T6, T8 T6	T1, T6 T4
	14. System security	T8	T1 T4, T6		T1, T2	T6	T6
	15. Malware	T1, T9	T1, T3, T4	T2, T6, T7, T9	T4, T6 T3	T2	T6 T8	T2, T4 T1, T4, T7, T9	T2, T7, T9 T2, T7	T3, T8	T1, T8, T10	T2, T5 T1, T4
	16. Threat analysis and control	T8 T9	T2 T10	T7 T6, T10	T8 T8	T5 T7	T10 T6	T7, T9 T3	T5 T1, T5	T8 T5, T7	T7 T4, T5, T10	T10 T4
IoT Security	17. Home city security	T9 T2	T8 T7	T6 T1, T9	T1, T3, T4, T6 T8	T2 T3, T5, T10	T8 T1	T9 T7	T6, T7	T2 T5	T4 T2	T2 T7
	18. Industrial control system security			T8		T3		T8	T6
	19. Vehicle security	T1				T9 T10		T4 T5	T1 T1, T5, T8	T6	T4 T1, T5	T7 T3
	20. Ship, ocean, and air security		T5			T9						T10
	21. Healthcare, Medical security	T6	T8 T6	T5, T6, T10, T7	T1 T5	T1, T2, T6	T3 T2, T3, T8	T2, T6	T1		T1 T6	T1, T3
	22. Other ICT security						T8	T3	T8		T5	T5 T9

As summarized in Table 7, the cyber security area is divided into five major categories: network, data and application service, physical, system and password, and IoT security. The thesis mainly focused on the middle classification of network, data and application service security, as well as system and password security, and patents were mainly focused on physical and IoT security. This is because papers mainly contain experimental techniques, and patents contain practical techniques. Network security is divided into three major categories: wired, wireless, and the cloud. Although related topics appear every year in the wired network security area, the wireless network security area has shown a more pronounced technological growth since 2012 than the wired network security area. Along with cloud security, technological development has been steadily progressing from 2010 to 2020.

Data and application service security can be divided into four major categories: application, data, electronic money/fintech, and digital forensics. Generally, the application security area and electronic money/fintech security area occupied a large proportion, and the applied security area mainly focused on related topics in 2012, 2013, and 2015. The related topics were concentrated in 2019. Related topics appeared every year in the data security area and intermittently in the digital forensics area. Physical security is divided into four major categories: human/bio-recognition, CCTV monitoring/control, security searches, and unmanned electronic security. Technological advances were strong in 2010 in the areas of human/bio-recognition, security search, and unmanned electronic security, and the human/bio-recognition area showed strength again in 2018 and 2020, and the CCTV monitoring/control area started in 2014. After the rebound in 2016, the security screening and unmanned electronic security sectors rebounded in 2015.

System and password security are divided into six major categories: encryption technology, authentication/authorization technology, security vulnerability, system security, malicious codes, as well as threat analysis and control. Generally, authentication/authorization technology, security vulnerability, and malicious code areas account for a large proportion, and technology development is being made steadily every year. In addition, cryptographic technology, threat analysis, and control areas have shown strength again since 2018. Related topics in the area of system security appear sporadically. IoT security is divided into nine major categories: home city, industrial control system, automobile, shipping, marine, aviation, healthcare, medical security, and other ICT security. Home city security occupies the largest share, followed by healthcare, medical, and automobile security. In addition, related topics sporadically appeared in the industrial control system security area, ship, marine, aviation security, and other ICT security areas.

Table 8 summarizes the network visualization of the LDA results and convergence regions to identify convergence regions by major year. Network analysis in the cyber security convergence field by major year analyzed the period from 2010 to 2020 in two-year units. Keywords connected between topics were used to identify the cyber convergence field.

Table 8. Cybersecurity convergence area network by major years.

Visualization in 2010	Convergence Area	Connection Keyword
	Healthcare, medical security Wireless network security	Authentication
	CCTV surveillance/control Cloud security Data security Home city security Human/bio-recognition Secure search and unmanned electronic guard	Device
	Application security Malware	Malware
	CCTV surveillance/control E-money, fintech security Secure search and unmanned electronic guard	Method
	Cloud security E-money, fintech security Secure search and unmanned electronic guard	Network
	CCTV surveillance/control E-money, fintech security Secure search and unmanned electronic guard Threat analysis and control Vehicle security	Security
	Cloud security Secure search and unmanned electronic guard Wireless network security	User
Visualization in 2012	Convergence Area	Connection Keyword
	E-money, fintech security Home city security Secure search and unmanned electronic guard	Device
	Cloud security E-money, fintech security	Security
Visualization in 2014	Convergence Area	Connection Keyword
	Cloud security Healthcare, medical security Human/bio-recognition Secure search and unmanned electronic guard Wireless network security	Device
	Cloud security Home city security Security vulnerability Wireless network security	Security
Visualization in 2016	Convergence Area	Connection Keyword
	Application security Cloud security Malware	Data
	Healthcare, medical security Malware	Device
	Application security Cloud security Malware Security vulnerability Wireless network security	Security
Visualization in 2018	Convergence Area	Connection Keyword
	Cloud security E-money, fintech security Security vulnerability Threat analysis and control	Data
	Certification/authorization technique Cloud security E-money, fintech security Security vulnerability	Device
	Cloud security Eata security E-money, fintech security Malware	Malware
	Cloud security E-money, fintech security	Method
	E-money, fintech security Security vulnerability	Security
	Certification/authorization technique E-money, fintech security	User
Visualization in 2020	Convergence Area	Connection Keyword
	Application security Certification/authorization technique Cloud security Data security E-money, fintech security Home city security Human/bio-recognition Malware Security vulnerability Wired network security	Attack
	Application security Cloud security Data security Healthcare, medical security	Data
	Application security Cloud security Digital forensics E-money, fintech security Healthcare, medical security Home city security Human/bio-recognition Malware Wired network security	Device
	Malware Security vulnerability Wireless network security	Network
	Application security Cloud security Data security Healthcare, medical Security Malware Wireless network security	Security
	Malware Wired network security	Server
	Application security Malware Security vulnerability	System
	Application security Cloud security Malware Security vulnerability	Vulnerability

As summarized in Table 8, seven convergence areas existed in 2010 based on the connection keywords authentication, device, malware, method, network, security, and user. A convergence area is formed around CCTV surveillance/control, cloud security, secure search, and unmanned electronic guards. In 2012, two convergence areas existed based on the connection keywords device and security, and convergence areas centered on e-money and fintech security areas were created.

In 2014, two convergence areas existed based on the connection keywords device and security, and convergence areas centered on cloud security and wireless network security areas were created. In 2016, three convergence areas existed based on the connection keywords data, device, and security, and convergence areas have been created centered on application security, cloud security, and malware areas.

In 2018, there were six convergence areas based on the connection keywords data, device, malware, method, security, as well as user, and convergence areas were created around cloud security, e-money, fintech security, and security variability areas. In 2020, there were eight convergence areas based on the connection keywords attack, data, device, network, security, server, system, as well as viability, and convergence areas were created around application security, cloud security, malware, application security, and security.

Based on these connection keywords, it is possible to analyze the convergence relationship by year between the cyber security domains. However, there is a limit to grasping the flow of the convergence area because the topics extracted by LDA by year do not have connectivity by year. Therefore, in Section 4.4, we used the DTM algorithm.

4.4. Trend Analysis of Cyber Security Area and Convergence Field

The second approach applied to analyze changes in cyber security and convergence fields is to use the DTM algorithm to identify theses and patent trends for the entire year.

The DTM algorithm, a probabilistic time series model, was applied to papers and patents from 2010 to 2020. When a topic is derived for each year using LDA, it is impossible to analyze the topic change because the topics are different. Therefore, to analyze topic trends, it is necessary to show that topic changes by year are connected. The DTM extracts topics by year by adding the condition that the topics of the current year are similar to those of the previous year; therefore, it is possible to identify the trends of topics.

In this section, the topics derived from the DTM results are mapped to the cyber security domain, just as the topics derived from the LDA results are mapped to the cyber security domain in Section 4.3. In this case, the entire year was input as one dataset without dividing the thesis and patent by year. Table 9 and Table 10 summarize the mapping results of the DTM topic keywords and DTM topics according to the cyber security domain. As mentioned above, the DTM shows the keywords of the recent 2020 topics as examples because topics by year have similar keywords. Similar to LDA, topics extracted from the thesis are displayed in red and topics extracted from patents are displayed in blue.

Table 9. Examples of keywords by DTM thesis and patent topic (2020).

Paper Topic	Keywords	Patent Topic	Keywords
Topic 1	computation, efficient, protocol, secure, cryptographic, encryption, practical, implementation, scheme, server, encrypted	Topic 1	associated, request, access, server, communication, device, network, second, client, authentication, wireless
Topic 2	adversary, channel, cache, attacker, defense, network, attack, mechanism, vulnerability, server, threat, authentication, vulnerable, system, demonstrate	Topic 2	communication, packet, system, mobile, device, network, node, includes, vehicle, computing, control
Topic 3	software, policy, control, tool, flow, memory, fuzzing, bug, implementation, vulnerability, application, program, kernel	Topic 3	memory, industrial, device, cryptographic, processor, includes, value, unit, operation, control
Topic 4	binary, detection, feature, detecting, accuracy, tool, classifier, malware, spam, model, detect, technique, domain, malicious	Topic 4	software, target, object, test, vulnerability, network, detection, malware, includes, source, sample, identifying, embodiment
Topic 5	password, website, user, payment, internet, network, account, site, content, online, service, transaction	Topic 5	medical, financial, patient, communication, encrypted, healthcare, device, document, transaction, record, secure, message
Topic 6	software, policy, author, challenge, technology, risk, issue, trust, secure, cyber security, development, article, community, threat, system	Topic 6	home, method, user, searching, system, smart, network, search, result, database, engine, provides, query
Topic 7	android, device, user, image, permission, mechanism, mobile, location, access, application, authentication	Topic 7	associated, threat, process, system, event, detection, second, includes, action, automation, control
Topic 8	enclave, intel, phone, attack, voice, manager, processor, hardware, trusted, system, audio	Topic 8	service, said, platform, access, customer, entity, container, environment, storage, cloud, policy, virtual
Topic 9	router, anonymity, advertisement, workshop, society, internet, network, networking, routing, edge, paper, node	Topic 9	merchandise, component, plurality, system, sensor, vulnerability, configured, includes, risk, score, item
Topic 10	storage, provenance, service, provider, process, memory, cloud, monitoring, access, cloud computing, system, overhead, event	Topic 10	image, display, camera, content, forensic, digital, position, portion, structure, apparatus, includes, circuit, capture

Table 10. DTM’s cyber security field mapping.

Main Category	Middle Category	2010 Year–2020 Year
Network Security	1. Wired network security	T2
	2. Wireless network security	T2 T2
	3. Cloud security	T10 T8
Data and application service security	4. Application security	T9 T6
	5. Data security	T6
	6. E-money, Fintech security	T5 T5, T10
	7. Digital forensics	-
Physical Security	8. Human/bio-recognition	-
	9. CCTV surveillance/control	-
	10. Secure search and unmanned electronic guard	T9
System and password security	11. Cryptographic technique	T1
	12. Certification/authorization technique	T8 T1
	13. Security vulnerability	T3 T3
	14. System security	-
	15. Malware	T2, T4 T4
	16. Threat analysis and control	T6 T7
IoT Security	17. Home city security	T7 T2, T6
	18. Industrial control system security	-
	19. Vehicle security	-
	20. Ship, ocean, and air security	-
	21. Healthcare, Medical security	T5, T8
	22. Other ICT security	-

As summarized in Table 10, most security areas appeared as topics of DTM because of continuous technological developments over the past 11 years. However, eight areas (digital forensics, human/bio-recognition, CCTV surveillance/control, system security, industrial control system security, automobile security, ship, marine, aviation security, and other ICT security areas) are similar to Section 4.3. As seen in the LDA results of the section, the topics did not appear in the results of the DTM because the topics appeared sporadically in a specific year or intermittently during a specific year period.

In this study, the average number of papers and patents for each area, proportion of the total area, and compound annual growth rate (CAGR) were analyzed, as summarized in Table 11, to grasp the technology trends in the cyber security area dynamically. During trend analysis, as observed in Section 4.2, the latest year standard was set for 2019, as paper publications and patent registrations were not active in 2020 owing to the impact of COVID-19.

Table 11. Statistical information on papers and patents in the field of cyber security.

Security Fields	Number of Paper and Patent in Last Year (2019)	Average Number of Papers and Patent	Paper and Patent CAGR (Number)	Average Proportion of Papers and Patents	Paper and Patent CAGR (Proportion)
1. Wired network security	58	41.40	8.87%	4.25%	−0.57%
2. Wireless network security	103	73.20	12.05%	7.37%	2.33%
3. Cloud security	104	65.60	10.03%	6.61%	0.49%
4. Application security	155	121.90	10.14%	12.54%	0.59%
5. Data security	59	53.20	10.51%	5.55%	0.93%
6. E-money, Fintech security	69	81.00	6.85%	8.47%	−2.41%
10. Secure search and unmanned electronic guard	28	30.40	9.87%	3.20%	0.34%
11. Cryptographic technique	62	69.50	−1.95%	7.81%	−10.45%
12. Certification/authorization technique	35	27.20	3.36%	2.94%	−5.61%
13. Security vulnerability	103	77.80	10.48%	7.74%	0.90%
15. Malware	129	96.10	10.16%	9.73%	0.61%
16. Threat analysis and control	81	43.70	23.64%	4.20%	12.91%
17. Home city security	183	144.00	12.78%	14.57%	3.00%
21. Healthcare, Medical security	55	49.20	9.65%	5.01%	0.14%

Cyber security fields, where many papers and patents have recently appeared, include home city (183), application (155), malicious code (129), cloud (104), wireless network, and security vulnerabilities (103). To develop and operate safe cyber systems in various fields that utilize cyber systems in the era of the fourth industrial revolution, various security fields have received attention from academia and practice. Table 11 summarizes the statistical information on papers and patents in the field of cyber security.

From 2010 to 2019, the fields of cyber security that consistently produced many papers and patents were home city security (144.00), application security (121.90), malicious code (96.10), and electronic money/fintech security (81.00). Naturally, the average ratio shows a similar pattern to the average number, with home city security accounting for a large proportion (14.57%) and then followed by application security (12.54%), malicious code (9.73%), and electronic money/fintech security (8.47%). These results indicate that the importance of cyber security has been continuously focused on in various fields over the past decade, and most of the interest in cyber security has arisen from attempts to solve problems and prevent risks using advanced technologies. For instance, home cities, which have converged with cutting-edge technology with the highest number of papers and patents, are increasingly targeted by cyber-attacks. If a security incident occurs in cyber–physical systems, such as the energy infrastructure constituting the home city, connected IoT, and the cloud, the destructive power will not be limited to cyberspace, but it will destroy the physical real world. Therefore, technological advances have been made.

As shown in Figure 7 and Figure 8, the change in the average number and ratio of papers and patents by the cyber security field on an annual basis is useful for understanding trends in the cyber security field. Furthermore, the rate of increase in the number and ratio of papers and patents in the cyber security field is an effective indicator for estimating cyber security technology trends. Among them, the measurement of CAGR is useful for monitoring cyber security technology trends. CAGR was calculated to identify typical exponential growth rates when the exponential growth interval was one year. Therefore, the growth rate of several cyber-safety fields is important for trend identification.

Figure 7. Changes in the average number of papers and patents by cyber security field on an annual basis.

Figure 8. Changes in the average ratio of papers and patents by cyber security field on a yearly basis.

The fields with a significant increase in the number of papers and patents were threat analysis and control (23.64%), home city security (12.78%), wireless network security (12.05%), data security (10.51%), and security vulnerabilities (10.48%). In addition, although the CAGR of most cyber security fields is increasing, wired network security (−0.57%), electronic money/fintech security (−2.41%), and authentication/authorization technology (−5.61%) have recorded negative CAGR. The encryption technology showed a significant decrease (−10.45%).

In this study, to intuitively understand and analyze the cyber security convergence field according to the cyber security domain that has this continuity, the network visualization technique and the connection keyword were used, as in the LDA in Section 4.3. Figure 9 and Table 12 present the visualization results of the DTM network for the entire year, convergence area, and connection keywords.

Figure 9. Cyber security domain networks for all years (2010–2019).

Table 12. Cyber security convergence areas and connection keywords for a full year.

Convergence Number	Convergence Area	Connection Keywords
1	Certification/authorization technique Home city security	Access
2	Malware Wired network security Wireless network security	Adversary, attack, attacker, channel, defense
3	Home city security Security vulnerability	Application
4	Cloud security Healthcare, medical security	Cloud
5	Certification/authorization technique Home city security Wireless network security	Communication
6	Home city security Security vulnerability Threat analysis and control Wireless network security	Control, environment
7	Cryptographic technique Security vulnerability	Cryptographic, implementation
8	Certification/authorization technique Home city security Security vulnerability Wireless network security	Device
9	Application security Data security Home city security	Home, search
10	E-money, fintech security Healthcare, medical security	Medical, patient, transaction
11	Home city security Wireless network security	Mobile, node, vehicle
12	Application security Certification/authorization technique Home city security Malware Wired network security Wireless network security	Network
13	Cloud security Healthcare, medical security Threat analysis and control	Policy
14	Cryptographic technique E-money, fintech security Healthcare, medical security	Secure
15	Certification/authorization technique Cryptographic technique	Server
16	Malware Security vulnerability	Software, vulnerability
17	Home city security Threat analysis and control Wired network security Wireless network security	System
18	Malware Threat analysis and control	Threat
19	E-money, fintech security Home city security	User

As shown in Figure 9, if we analyze the DTM network visualization result, it consists of 19 convergence regions. If we analyze the trends of the 19 convergence areas, we can confirm the results in Table 13 and Figure 10.

Table 13. Papers and patent statistical information in cyber security convergence area.

Security Fields	Number of Papers and Patents in Last Year (2019)	Average Number of Papers and Patents	Paper and Patent CAGR (Number)	Average Proportion of Papers and Patents	Paper and Patent CAGR (Proportion)
Convergence 1	218	171.20	1 Wiki 0.61%	4.05%	0.20%
Convergence 2	290	210.70	10.51%	4.94%	0.11%
Convergence 3	286	221.80	11.90%	5.16%	1.37%
Convergence 4	159	114.80	9.90%	2.70%	−0.44%
Convergence 5	321	244.40	11.05%	5.75%	0.60%
Convergence 6	470	338.70	13.28%	7.82%	2.62%
Convergence 7	165	147.30	3.99%	3.62%	−5.79%
Convergence 8	424	322.20	10.91%	7.54%	0.47%
Convergence 9	397	319.10	11.34%	7.56%	0.87%
Convergence 10	124	130.20	8.01%	3.14%	−2.15%
Convergence 11	286	217.20	12.51%	5.07%	1.93%
Convergence 12	663	503.80	10.45%	11.90%	0.06%
Convergence 13	240	158.50	12.98%	3.66%	2.36%
Convergence 14	186	199.70	3.54%	4.96%	−6.20%
Convergence 15	97	96.70	−0.34%	2.51%	−9.71%
Convergence 16	232	173.90	10.30%	4.04%	−0.07%
Convergence 17	425	302.30	13.31%	7.02%	2.65%
Convergence 18	210	139.80	13.72%	3.22%	3.03%
Convergence 19	252	225.00	10.82%	5.34%	0.39%

Figure 10. Changes in the average ratio of papers and patents by cyber security convergence area on a yearly basis.

From 2010 to 2019, the convergence field with a high proportion of papers and patents was convergence 12 (11.90%), followed by convergences 6 (7.82%), 9 (7.56%), 8 (7.54%), and 17 (7.02%). These results indicate that cyber security technology is also developing in the form of convergence security according to the convergence development flow of ICT technology.

Convergence fields with a steady increase in the number of papers and patents were typically convergences 18 (3.03%), 17 (2.65%), 6 (2.62%), and 13 (2.36%). In addition, although the CAGR of most cyber security convergence fields is small, they show an increasing trend, but convergences 15 (−9.71%), 14 (−6.20%), and 7 (−5.79%) show a significant decrease. These results indicate that in the conventional security field (convergences 15, 14, and 7), an integrated security control center (SOC) was established to respond to security threats, and information protection and personal information protection systems were established to counter human security control and infringement. Recently, with the advent of the untact era, the use of cloud services has rapidly increased and security threats are increasing accordingly. It is necessary to build an automated security system in these cloud services (convergences 18, 17, 6, and 13), unlike conventional security, which shows that related technologies are developing.

5. In-Depth Analysis of Cyber Security Convergence Area

5.1. Connection Strength in the Cyber Security Convergence Domain

In Section 4.4, to extract the cyber security convergence field, the keywords that occurred simultaneously among the keywords of the topics within each cyber security area were used as a link. These connection keywords may indicate the degree of convergence in the cyber-convergence field. That is, according to the high and low frequency of the appearance of connected keywords, or the large and small number of connected keywords, it was found to have a high correlation in cyber convergence. Therefore, because the connection keyword indicates the degree of connection of convergence, it is possible to analyze the trend of changes in the cyber security area and related technologies over the past decade. Table 14 presents the DTM network visualization results for the entire year according to the strength of the connection keywords, convergence area, and connection keywords.

Table 14. Cyber security field and convergence sector network for the full year.

Connection Strength (1)	Convergence Area	Connection Keyword
	Certification/authorization technique Home city security	Access
	Malware Wired network security Wireless network security	Adversary, attack, attacker, channel, defense
	Home city security Security vulnerability	Application
	Cloud security Healthcare, medical security	Cloud
	Certification/authorization technique Home city security Wireless network security	Communication
	Home city security Security vulnerability Threat analysis and control Wireless network security	Control, environment
	Cryptographic technique Security vulnerability	Cryptographic, implementation
	Certification/authorization technique Home city security Security vulnerability Wireless network security	Device
	Application security Data security Home city security	Home, search
	E-money, fintech security Healthcare, medical security	Medical, patient, transaction
	Home city security Wireless network security	Mobile, node, vehicle
	Application security Certification/authorization technique Home city security Malware Wired network security Wireless network security	Network
	Cloud security Healthcare, medical security Threat analysis and control	Policy
	Cryptographic technique E-money, fintech security Healthcare, medical security	Secure
	Certification/authorization technique Cryptographic technique	Server
	Malware Security vulnerability	Software, vulnerability
	Home city security Threat analysis and control Wired network security Wireless network security	System
	Malware Threat analysis and control	Threat
	E-money, fintech security Home city security	User
Connection Strength (2)	Convergence Area	Connection Keyword
	Malware Wired network security Wireless network security	Attack, attacker
	Cloud security Healthcare, medical security	Cloud
	Certification/authorization technique Home city security Wireless network security	Device
	Application security Certification/authorization technique Home city security Malware Wired network security Wireless network security	Network
	Application security Data security Home city security	Search
Connection Strength (3)	Convergence Area	Connection Keyword
	Malware Wired network security Wireless network security	Attack
	Certification/authorization technique Home city security Wireless network security	Device
	Application security Home city security Wireless network security	Network
Connection Strength (4)	Convergence Area	Connection Keyword
	Malware Wired network security Wireless network security	Attack
	Certification/authorization technique Home city security Wireless network security	Device
	Home city security Wireless network security	Network

The strength of the connection keyword was expressed by adding all the number of co-appearances by year in the cyber security domain, constituting the convergence domain and then normalizing it to a value between 1 and 10. That is, the lower the intensity, the lower the degree of cohesion, and the higher the intensity, the higher is the degree of cohesion. Therefore, as summarized in Table 14, 19 convergence regions appeared when the intensity was one; in the case of two and five, as well as in the case of three and four, three convergence regions appeared. In addition, it can be analyzed as a convergence relationship with a higher degree of binding, as there are more linking keywords and a low degree of binding with fewer linking keywords. For instance, in strength one, five convergence domains (malware, wired network security, wireless network security), convergence domains (e-money, fintech security, healthcare, medical security), and convergence domains (home city security, wireless) network security) are fused with three connection keywords; therefore, the internal cyber security field is more closely related than other convergence areas composed of one connection keyword.

5.2. Trend Analysis and Forecasting of Cyber Security Convergence Area

The third approach applied to analyze the development trend of the cyber security convergence field is to analyze and predict trends in the field using the LSTM algorithm.

In Section 4, the LSTM algorithm, an artificial neural network that forms a circular structure, was applied to cyber security convergence analysis using the DTM algorithm. First, to predict the trend in the cyber security convergence area, the trend was analyzed and predicted based on the annual frequency of keywords in the topic constituting each cyber security area within the convergence area. The following figures present the trend prediction results of the convergence areas. In the prediction of the convergence region, only the case of intensity one was considered because it includes all convergence regions of intensities two, three, and four. Additionally, among the cyber security convergence fields, as in Section 4.4, we focused on the convergence fields where the CAGR ratio was higher or significantly increased or decreased compared to other cyber security convergence fields. Figure 11 presents the prediction results for convergences 12, 9, and 8, which are convergence areas with high proportions. Figure 12 presents the predicted results for convergences 18, 17, 6, and 13, which are the increased convergence regions. Figure 13 presents the predicted results for convergences 15, 14, and 7, which are the decreased convergence regions.

Figure 11. Prediction of trends in convergence areas (12, 9, and 8) that had a high proportion.

Figure 12. Trend prediction of convergence areas (18, 17, 6, and 13) that increased.

Figure 13. Prediction of trends in convergence areas (15, 14, and 7) that decreased.

Analyzing the above prediction results, it is predicted that the areas of convergence with a high proportion will develop steadily in the future or they will maintain the current state. Although the convergence areas that have increased could continue to develop in the future, those that have decreased show different prediction results for each convergence area. Convergence region 15 was predicted to continue to decrease, convergence region 14 was predicted to increase, and convergence region seven was predicted to remain the same. Owing to the recent increase in network-based medical devices and medical information systems as well as the rapid introduction of cutting-edge technologies such as artificial intelligence and big data into various related systems inside and outside medical institutions, sensitive personal information, including patient information, is collected and distributed. This shows that the threat of cyber-attacks targeting medical institutions and medical information is rapidly increasing. In addition, cyber security companies have recently strengthened their growth engines with the blockchain, a priority factor for becoming industry leaders in financial services, energy, and manufacturing. This reflects the active movement to link blockchain businesses, specifically companies with technologies in the cryptographic authentication field.

In this study, the prediction of the increase/decrease trend of the cyber security convergence domain as well as the strength of connection keywords was analyzed to predict mutual organicity between convergence domains. Although it is difficult to predict perfect mutual organicity using only connected keywords, it is considered to have sufficient meaning to estimate future trends.

For mutual organicity prediction, trends were analyzed and predicted based on the annual frequency of connected keywords, such as trend prediction. In addition, only the case of intensity one was considered, and the connection keywords that converged to four or more cyber security domains were focused on. Figure 14 shows the prediction results of the control, environment, device, network, and systems, which are key connection keywords that converge to four or more security domains (convergences 6, 8, 12, and 17).

Figure 14. Key linking keyword trend prediction.

As shown in Figure 14, the connection keywords control and environment constituting convergence area six, the connection keyword device constituting convergence area eight, and the system, the connection keyword constituting convergence area 17, are expected to increase. Owing to the high degree of cohesion, they are expected to develop into a deeper relationship with each other in the future, forming an organic relationship with each other. Conversely, because the network, which is the connection keyword constituting convergence area 12, is predicted to decrease, significant differentiation is recognized over time, and detailed technologies within the convergence area can be technically commercialized from their own domains to independent domains. For example, Wi-Fi, one of the technologies in the wireless network field, is a core technology in the cloud, AI, and IoT fields; however, Wi-Fi is also changing. Wi-Fi technology has been developed around speed and performance, but recently, starting with Wi-Fi 6 (802.11ax), it has required high technology support suitable for the cloud, AI, and IoT era, such as higher speed and performance, efficiency in high-density environments, and power consumption. That is, the wireless network solution goes beyond supporting the latest technology, and its agility, simplified management, and intelligent management functions are emerging as differentiators.

6. Conclusions

This study analyzed the development, change, and evolution of related technologies that are essential for recognizing and understanding cyber security safety issues from various perspectives. Cyber security technology has been continuously developed to protect cyber systems from threats and risk factors, and it covers all aspects of cyber systems. However, very little research has been conducted on this topic.

Therefore, the contribution of this study is to monitor major cyber security convergence fields and technologies to provide practical insights for cyber security solution development companies and experts. This is almost the first approach for understanding the types of cyber security technology convergence fields and the changes in cyber security technology development. In addition, by visualizing cyber security convergence fields and technologies, it monitors which core technologies are being developed, mainly for cyber security.

That is, the innovation and novelty of this study are that, although there have been many cases of technology trend analysis research in cyber security, this is the first time a study has tried to identify and predict the flow of cyber security convergence. In addition, the research method that develops and applies the latest deep learning model will become a source technology for technology prediction studies in various fields in the future.

According to cyber security convergence trends, cyber security technology is mainly being developed in the fields of home city security, wireless network security, application security, authentication/authorization technology, wired network security, security vulnerability, and threat analysis and control. Each cyber security technology is directly or indirectly related to cyber security administrators, system operators, and developers. The highlight of this study is that understanding changes and trends in the field of cyber security convergence is the most efficient way to respond to cyber security threats and risks proactively, and it is crucial in the development of next-generation cyber security technologies.

Nonetheless, our work has several limitations, which can be addressed in future research. First, this study shows core cyber security technologies based on keywords extracted from papers and patents; however, detailed technical specifications for safety innovation are not mentioned. To provide more implications for cyber security managers and technology researchers, individual characteristics such as author information, number of citations, citation relationship, commercialization, institution, and country of papers and patents should be examined. If these studies are supported, accurate and specific results for each cyber security field can be derived in future studies. Second, trend predictions for cyber security convergence fields and technologies can be used to prevent and solve the security problems of various cyber systems used in ICT and related industries. When the risk keywords extracted from the cyber safety accident report are used together, new insights can be obtained to discover and predict new cyber security technologies that can solve not only actual security problems but also various security problems that may occur in the future. Future studies will ultimately provide detailed technical specifications and applicable technologies to deal with cyber security issues and present practical guidelines based on an analysis of papers and patents.