Next Article in Journal
Post-Quantum Migration of the Tor Application
Previous Article in Journal
A Secure and Scalable Authentication and Communication Protocol for Smart Grids
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions

Department of Marketing Operations and Systems, Newcastle Business School, The University of Northumbria Newcastle, Newcastle upon Tyne NE1 8ST, UK
*
Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2025, 5(2), 12; https://doi.org/10.3390/jcp5020012
Submission received: 18 February 2025 / Revised: 17 March 2025 / Accepted: 20 March 2025 / Published: 22 March 2025

Abstract

:
Implementing machine learning is imperative for enhancing advanced cybersecurity practices globally. The current cybersecurity landscape needs further investigation into the potential impasse. This scientometric study aims to comprehensively analyse the study patterns and key contributions at the nexus of cybersecurity and machine learning. The analysis examines publication trends, citation analysis, and intensive research networks to discover key authors, significant organisations, major countries, and emerging research areas. The search was conducted on the Scopus database, and 3712 final documents were selected after a thorough screening from January 2016 to January 2025. The VOSviewer tool was used to map citation networks and visualise co-authorship networks, enabling the discovery of research patterns, top contributors, and hot topics in the domain. The findings uncovered the substantial growth in publications bridging cybersecurity with machine learning and deep learning, involving 2865 authors across 160 institutions and 114 countries. Saudi Arabia emerged as a top contributing nation with flaunting high productivity. IEEE and Sensors are the key publication sources instrumental in producing interdisciplinary research. Iqbal H. Sarker and N. Moustafa are notable authors, with 17 and 16 publications each. This study emphasises the significance of global partnerships and multidisciplinary research in enhancing cybersecurity posture and identifying key research areas for future studies. This study further highlights its importance by guiding policymakers and practitioners to develop advanced machine learning-based cybersecurity strategies.

1. Introduction

Cybersecurity is an emerging field within computer science that protects computer networks, information systems, and data from cybercriminals, hackers, and data breaches. Cyber threats increase due to the progression of the latest technologies, combined with the extended adoption of integrated applications. The growing frequency of such incidents and their level of complexity make the traditional protection methods insufficient, which is why new, more effective, and predictive measures are required [1]. This is where artificial intelligence (AI) is a pioneering force in revolutionising cybersecurity technologies.
Over the years, AI and ML have emerged as significant contributors to today’s cybersecurity strategies [2]. These technologies utilise data analytical models to enhance threat identification and mitigation more efficiently, coupled with accuracy, than traditional methods [3]. AI is the branch of computer science which replicates human cognitive abilities, particularly in making decisions and solving problems [4]. AI is further divided into ML, in general, and DL, in particular, which incorporates complex neural networks to analyse large chunks of data, seeking to identify one previously unknown pattern typical for a cyber threat [5].
Dasgupta, Akhtar [6] stated that intrusion detection, anomaly detection, and malware classification are some tasks in which ML techniques have been applied to achieve better results in cybersecurity. ML algorithms can, for instance, learn from network traffic to detect outliers or learn from malware features. In contrast, DL excels at more sophisticated threat detection tasks, including the categorisation of zero-day vulnerabilities or being shielded against particularly sophisticated phishing methods [7].
According to the type of learning, ML models can be supervised, unsupervised and semi-supervised. Supervised ML models learn from labelled data; unsupervised ML models learn from unlabelled data; and semi-supervised ML models learn from a combination of both [8]. Apart from the core of ML, ML’s subset DL uses neural networks with several layers (hence, ‘deep’) for working with large datasets to understand complex and large patterns like images, sound, and sequential data [9]. A notable use case for DL in cybersecurity is forming advanced threat detection systems, which can decipher novel cyber-attack types by studying large amounts of unstructured data in network traffic, system logs, and other such data [10].
ML models need to analyse vast data to identify complex cyber threats, which requires substantial computational power. For example, IDS and malware analysis require massive data processing and robust decision making in real time [11]. This high computational demand emerged when processing the multi-dimensional network traffic data, analysing patterns from the data and implementing the complex learning models are needed. The computational complexity of some of the most used ML algorithms is presented in Table 1.
ML-based cybersecurity solutions comprised human resources, the regulatory framework, and cryptography, underscoring the importance of multidisciplinary interconnection [13]. The cybersecurity regulations, along with the legal limitations, ensure data privacy and compliance. At the same time, cryptography techniques support data encryption for securing information. Finally, human awareness, training, and explainable AI are crucial in shaping security measures for an enhanced secure environment against attacks.
ML and DL have been growing across a wide array of cybersecurity domains. Endpoint security leverages ML to identify malware by analysing the behaviour of files and applications [14]. In the threat intelligence sphere, DL models are employed to analyse large amounts of data from various repositories to derive more accurate predictions of imminent cyber threats [15].
A comprehensive analysis is essential to uncovering ML and DL’s role in cybersecurity. It will help enhance the security system’s efficiency, accuracy, and scalability. The holistic view of these advanced techniques is crucial for understanding the mechanism of automatic threat detection, reducing false positives and improving response times. ML and DL establish the future of cybersecurity, possessing the ability to assimilate data presented and respond to previously concealed challenges. They offer proactive and intelligent defence against dynamic, evolving cyber threats.

2. Literature Review

The expansion of the academic literature in cybersecurity indicates that AI, ML, and DL are becoming emerging technologies that can be leveraged to tackle current complex problems. Key insights in this literature review are synthesised directly from other studies discussing how this technology changed cybersecurity practices from 2016 to 2025. In this scientometric study, the author synthesised key ideas from various studies on how AI has transformed cybersecurity practice. Through these studies, the utilisation of ML techniques has grown to combat the exponential increase in the complexity of cyber threats and how cybersecurity has evolved over the decades.
Traditionally, rule-based methodologies are employed in cybersecurity for detection and response to cyber threats [16]. Yet, traditional methods have become futile in addressing the growing complexity of the latest cyber-attacks, including advanced persistent threats (APTs) and zero-day attacks. As the volume of data generated in digital environments increased, the demand for more dynamic and adaptive solutions arose. Against this backdrop, AI and machine learning held out the promise of helping deal with these evolving troubles.
Several studies examine the growing development of AI, ML, and DL techniques in the realm of cybersecurity [17,18,19,20,21,22]. Sajid, Malik [23] shows how machine learning algorithms can enhance IDS. These algorithms learn to identify landscapes in network traffic dynamics and act on these threats independently without human intervention. Meanwhile, Alzonem, Albrecht [24] explores the application of DL models, especially convolutional neural networks (CNNs), to enhance malware detection and mitigation. Unlike traditional detection systems, which operate on beaconing known signatures, DL models learn behavioural patterns to detect new, mutated types of malware.
Furthermore, deep learning and machine learning are utilised to predict and prevent phishing attacks by looking at users’ behaviours to find anomalies within email communications [25,26]. According to Tamal, Islam [27], ML algorithms, especially supervised learning models, have been effectively trained with large datasets of phishing emails to improve prediction accuracy. Machine learning algorithms are capable of swiftly analysing a large volume of data. Organisations can use these studies’ implications to discuss other applications of these algorithms and detect fraudulent behaviour by recognising unusual patterns in financial transactions.
Several studies have critically investigated the role of ML and DL across various cybersecurity domains. A survey on malware detection examined how we can use ensemble learning techniques that combine multiple ML models to increase detection accuracy [28]. Abbasi, Shahraki [29] demonstrated that deep learning can detect anomalous network traffic more efficiently than traditional methods.
Finally, research on AI in cybersecurity applications for local government has shown its enormous potential. Boppiniti [30] indicates that AI-driven systems are increasingly used to manage public data and protect them from cyber threats. At the same time, Daneshjou, Smith [31] raises challenges about AI implementation, such as concerns over data privacy loss, the possibility of algorithmic bias or bias in the data themselves, and the requirement for rigorous testing to confirm that these systems are working as intended.
While these promise to be heartening developments, they also come with challenges. Studies discuss the limitations of AI and ML, such as the requirement for more accessible and high-quality datasets to train the models effectively [32,33,34,35,36,37]. Moreover, the insufficient explainability and transparency of AI-driven decisions are of great concern, particularly in high-stakes cybersecurity scenarios [38]. Several studies request more research on improving AI models’ interpretability so cybersecurity professionals can understand and trust the AI models’ decisions.
Overall, the reviewed literature presents scientometric analysis as a method to understand research trends and limitations. Although these studies were subject to geographical biases, limitations associated with the database, and subjectiveness in the qualitative approach, they provide valuable resources to inform future research directions. Also, expanding the scope of these studies to include more interdisciplinary approaches, diverse geographical contexts, and empirical analyses could significantly enhance our understanding of the complex dynamics within these fields [39,40,41,42].
Future cybersecurity AI, ML, and DL research will focus on emerging systems more adaptable to evolving cyber threats. According to Ajala, Okoye [43], AI and ML can have great potential in building autonomous cybersecurity systems that function autonomously to discover, analyse and respond to threats in real time. However, these models need further advancements in their accuracy and efficiency. Additionally, with the further development of cyber threats becoming more complex and sophisticated, interest in interdisciplinary approaches that combine AI with other fields like cryptography and human behaviour analysis has also been sparked. For instance, deep learning can be integrated into threat intelligence systems to detect more advanced attack patterns and predict potential vulnerabilities before exploitation [44,45].
This study presents a detailed investigation of the historical progression of ML and DL in cybersecurity, providing valuable insights that will help practitioners make more informed decisions about future AI implementation technologies in the field.
The following are the research focuses of this study:
  • To investigate the sequential growth and trends in publications from 2016 to 2025 to know the future potential of this research area;
  • To systematically map out the top-performing authors, influential countries and significant institutions in this field, thereby presenting a framework for potential researchers and stakeholders for future research;
  • To evaluate the co-authorship network between countries and researchers, highlighting their relationship by publication counts and total link strength (TLS);
  • To identify the research trends and patterns using comprehensive keyword analysis.

3. Methodology

The present study performs a scientometric review of the current scholarly literature, investigating the application of AI, ML, and DL in cybersecurity. Scientometrics is a research methodology to study the scientific literature through publication patterns, citation trends and research development [46]. It enables the quantification and visualisation of research evolution and deeper insights, for instance, on emerging trends, methodologies, and knowledge networks in different domains. The main goal of this scientometric study is to discover the global research trends concerning the implementation of ML and DL technologies in the cybersecurity domain and to identify the influential contributions of researchers, institutions, organisations, and countries.
The Scopus database was chosen for this analysis due to the vast coverage of high-impact articles in all aspects of scientific studies, high-quality indexed journals and its reliability for scientometrics studies. Scopus is deeply trusted to provide comprehensive citation data and to conduct bibliometric research [47]. Moreover, the potential reason for choosing the current time frame, January 2016 to January 2025, was to focus on the latest and most advanced research and developments in the field. The data were gathered from 2016 to 2026 due to the significant growth of ML and cybersecurity research and ongoing trends. Hence, the chosen time frame confirms that scientometric analysis is related to more recent research and discussions.
With extensive metadata, the database is suitable for scientometric tools, such as VOSviewer, which facilitates data export in formats supporting bibliometric analysis. The relevant publications were retrieved on 24 December 2024, employing a Boolean search strategy. The Boolean search string is given below:
(TITLE-ABS-KEY (machine AND learning OR machine-learning) OR TITLE-ABS-KEY (deep AND learning OR deep-learning) AND TITLE-ABS-KEY (cybersecurity)) AND PUBYEAR > 2014 AND PUBYEAR < 2026 AND (LIMIT-TO (DOCTYPE, “ar”) OR LIMIT-TO (DOCTYPE, “re”)) AND (LIMIT-TO (PUBSTAGE, “final”)) AND (LIMIT-TO (LANGUAGE, “English”)).
Boolean search was used because it filters large datasets with the Boolean operators and keywords used in the research [48]. The search minimises irrelevant studies and ensures the query retrieves more relevant results. Hence, it improves the efficiency and transparency of the search in the data collection process.
The search produced 9813 publications, including journal articles, conference papers, review articles, and book chapters. These publications were exported to CSV format to be compatible with any bibliometric analysis software. The data were thoroughly screened for completeness, eliminating records with incomplete bibliographic information, duplicate entries, or documents that did not directly address using ML and DL technologies in cybersecurity. Figure 1 shows a search framework for retrieving relevant documents.

Document Search Framework

Figure 1 demonstrates the document search framework using a funnel approach during this research, gradually reducing an initial collection of 9813 documents to the final 3712 counts. The main objective is to collect a complete group of high-quality articles that will later be analysed. Each phase includes a description that explores technological structures, system component assembly, and motivational design factors.
Multiple inclusion and exclusion criteria were applied to reduce the final number of articles to 3712. The first process includes using Scopus with specific keywords inserted across abstracts and keywords while including terms in the title field. This approach reaches maximum study representation while creating an inclusive final dataset. The constructed search queries aim to retrieve research themes and relevant terminology encompassing our research objectives.
In the second phase, non-relevant publications were eliminated through title-based criteria. After that, conference proceedings, reports, thesis, book chapters, preprints, and books were removed while selecting original research and review articles that achieved formal peer review. Our quality standards determine this criterion to ensure the quality and reliability, which confirms that our analysis targets only peer-reviewed scholarly publications.
The analysis moves to “in press” articles for removal because their content and citation information will likely change before becoming final publications. Our analysis relies on only complete articles because this approach reduces potential issues from temporary or developing information in preliminary texts.
The procedure ends with the removal of articles that are not written in English. Our specialised analytical apparatus operates best on English-language content, so this sorting process enhances the following analysis operations. An integrity assessment verifies that the database contains only records that contain complete metadata information and operational DOIs.
This resulted in 3712 records, and we continued to analyse these final documents. For scientometrics analysis, this study used VOSviewer, a powerful tool for analysing bibliometric networks, to visualise the data extracted from Scopus for this study [49]. VOSviewer was used to map author co-authorship networks, country co-authorship networks, and research cluster network maps by keyword co-occurrences. The generated network maps facilitated identifying emerging trends in ML and cybersecurity, influential authors, countries and institutions, and key research areas. This tool works exceptionally well for mapping the connections between different research topics, offering a magnificent view of the development of ML and DL in cybersecurity.
Moreover, VOSviewer was used because it can perform network visualisation, user-friendliness, and co-occurrence analysis. Additionally, VOSviewer was suitable for our study objectives because it could map the keyword co-occurrence and citation analysis.
This study focuses on one tool instead of many simultaneously, avoiding the complexity of integrating multiple software platforms and making the results comparable and the visualisation clear. The generation of easy-to-understand bibliometric maps by VOSviewer makes it a powerful resource for conducting this scientometric review. This study offers a holistic overview of AI, ML, and DL research trends in cybersecurity through this methodology, exploring how these technologies have been used, the challenges encountered, and the future of this field. This research is meant to guide future research and deepen the understanding of AI, ML and DL’s role in cybersecurity practices.

4. Results and Findings

Over recent years, the research field where cybersecurity, ML, and DL intersect has grown significantly. Between 2016 and 2025, 3712 publications were written by 2865 authors from 160 organisations in 114 countries. This represents an increasing interest and collaboration in the area and makes for a fascinating and promising area of future research. The publications ranged over 159 journals, and being a vibrant and promising field, there has been a steady increase in research output. This study only considered journal articles and excluded conference proceedings or books.
Table 2 reviews the scope and scale of the research dataset and provides key data statistics. It sourced the data from Scopus bibliographic repositories, guaranteeing its coverage of trends and developments by scholarly production in cybersecurity and machine learning/deep learning, covering the last ten years (Jan 2016—25).
This statistical overview foundationally contextualises the analysis of patterns, trends, and contributions within the field, demonstrating its wide-ranging relevance and the active engagement of the global research community. Figure 2 further highlights the publications per year by source journals.
The field is expanding quickly, as reflected by the growing number of publications each year. These findings suggest the importance of ML and DL techniques in addressing cybersecurity issues, including cyber-attack detection, anomaly detection, and network security.

4.1. Document Types in Cybersecurity and ML/DL Literature

The studies included in this research consist of articles that include in-depth studies, new findings, and practical implementation of ML/DL techniques in cybersecurity and review papers that summarise and analyse the available research to provide general prevailing patterns, challenges, and possible future research directions. These two types of research contribute significantly to strengthening our knowledge and applying ML/DL to cybersecurity, from which researchers and practitioners can benefit (see Figure 3).

4.2. Subject Areas of Cybersecurity and ML/DL Literature

The research spans multiple subject areas, highlighting its interdisciplinary nature. For instance, L/DL models are applied in engineering and technology domains to enhance systems’ cybersecurity. Many studies concentrate on developing algorithms and analysing their applications in areas such as threat detection, anomaly detection and safeguarding data, which lies in computer science. In many studies, mathematical models were used to optimise the ML/DL algorithms to achieve better performance in cybersecurity applications. Also, some studies address medical and environmental data defence using ML/DL. Further fields are highlighted in detail in Figure 4.
The variety itself reflects the pertinence of applying ML/DL in the context of cybersecurity into several disciplines and the potential to trigger innovation and tackle complex security problems.

4.3. Documents by Source

Finally, this section highlights the growth of research in cybersecurity and machine learning (ML)/deep learning (DL) from 2016 to 2025. Three thousand seven hundred twelve publications were recorded over this period, evidencing the growing importance of this area. The data are from Scopus and cover 114 countries, 2865 authors, 160 organisations, and 159 sources. Figure 5 depicts the documents per year by source.

4.4. Top Ten Productive Authors in Cybersecurity and ML/DL Research

The contributions to this field are also global, as shown by the top ten prolific cybersecurity and ML/DL research authors. The most productive author on the list is I.H. Sarker from Swinburne University of Technology, Australia, who had 17 papers and a share of 0.46%. In second place come Moustafa, N. from UNSW in Australia and Srivastava, G. from Brandon University in Canada, with 16 papers (0.43%), while in third place is Motwakel, A. from Prince Sattam Bin Abdulaziz University, Saudi Arabia, with 15 publications (0.40%). The fourth rank is shared by seven authors publishing 13 papers (0.35%) from Saudi Arabia, Pakistan, Poland, Jordan, and Italy. Last, but not least, five authors shared the fifth position, having each published 12 (0.32%) papers from Saudi Arabia, Taiwan, Poland, etc. This distribution shows collaborative and international-oriented research efforts concerning cybersecurity and ML/DL, particularly the involvement of Australia and Saudi Arabia. Moreover, I.H. Sarker from Swinburne University of Technology, Australia, and Moustafa, N. from UNSW in Australia have significantly contributed to AI, cybersecurity, and ML research with their high influential publications. Their huge publications and citations advocate that their potential work supports basic research in this field of cybersecurity and ML.
Table 3 presents the scenario in detail.

4.5. Top Ten Most Productive Organisations

Saudi Arabia leads the way among educational institutions, with the top 10 most prolific cybersecurity and ML/DL research organisations. Top of the list is Princess Nourah Bint Abdulrahman University, with 87 papers (2.34%), and King Abdulaziz University, with 81 papers (2.18%). Of these, 80 papers (2.16%) were from King Saud University and Prince Sattam Bin Abdulaziz University and 72 (1.94%) from King Khalid University. Deakin University in Australia and the Lebanese American University in Lebanon are noteworthy. Table 3 reveals that Saudi Arabia emphasises the ML and cybersecurity fields, which significantly impacts the research area. This indicates that they have invested more in research and development, especially in their initiative, Saudi Vision 2030. Hence, their recent attention on AI, cybersecurity, and intelligent devices drove them towards more research publications. Moreover, Saudi Arabia remained the top contributor due to the substantial state-sponsored research funding and support in national cybersecurity policies, similar to the United States’ National Science Foundation (NSF), China’s investment in AI-based cybersecurity, and Europe’s cybersecurity projects.
Countries from developing regions face multiple barriers, such as low government support, financial restrictions, less organisational collaboration, and a lack of an advanced security environment. Additionally, the data in Table 4 highlight Saudi Arabia as a research hub because of its high research output from academic institutions.

4.6. Top Ten Most Productive Publication Sources

This field is very interdisciplinary, and the top ten cybersecurity and ML/DL research publication sources are the most interesting among all the results. We start with IEEE Access, leading the list with 352 published papers (9.48%), focusing on engineering and technological innovations. Following this, we observe 157 papers (4.23%) in the sensors category regarding artificial intelligence, wireless sensors and other applications. Others covered systems, communication and robotics, with 95 papers (2.56%) from Electronics (Switzerland), 107 (2.88%) from Applied Sciences Switzerland, and Computers and Security also with 107 (2.88% of the total). Overall, IEEE and Sensors appeared to be highly productive journals due to the high volume of engineering and technology research in these journals. Researchers publishing more in these journals might be due to their peer-review process and relatedness with the latest technology domains like AI, cybersecurity and innovative technologies.
Several topics and disciplines emerge from these journals, creating a space where cybersecurity and ML/DL research meet (see Table 5).

4.7. Top Ten Most-Cited Publications

The field’s influential contributions are exhibited in the most-cited publications in cybersecurity and other publications that are most cited in ML/DL research. The article “Review of deep learning: concepts, CNN architectures, challenges, applications, future directions” leads with 3744 citations, followed by “Machine Learning: Algorithms, Real-World Applications and Research Directions” with 3026, which summarises the concepts, CNN architectures and challenges as well as applications and future directions of deep learning techniques. “Deep Learning: A Comprehensive Overview on Techniques, Taxonomy, Applications and Research Directions” lists 1205 citations of the type of applications and threats associated with DL systems. Other works mentioned in this document are highly cited and cover adversarial machine learning, blockchain with AI, ChatGPT, and healthcare. From that, it is clear that this research spans widely and is highly impactful. Table 6 details the search results’ top ten most-cited research publications.
In summary, the data portray the exponential expansion of cybersecurity and ML/DL research, which results from many authors’ contributions in every organisation and almost all the journals worldwide. As such, this vibrant research landscape is essential to tackling contemporary cybersecurity challenges and thinking ahead about next-generation systems.

4.8. Top Ten Occurrence Keywords in Cybersecurity and ML/DL Literature

Table 7, highlighting the top ten highest-appearing keywords in the cybersecurity and machine learning/deep learning (ML/DL) literature, offers a quick overview of the topics of interest in this field. “Occurrences” stands for how often each keyword appeared in the literature, “Links” for how many edges between these keywords we had in the network, and “Total Link Strength” for the strength of connections between these keywords.
The most common word, by far, was the keyword artificial intelligence (AI), which surfaced 476 times, with a maximum link strength of 5853. It is not that surprising, though. AI is fundamental in many cybersecurity applications, mainly anomaly detection, behaviour analysis, and automation [51]. Due to the high frequency and strong link strength, research on this subject relies heavily on AI, as multiple studies strongly agree with using AI-based models and algorithms.
The keyword “Classifier” is next to AI, as it was linked with AI 472 times in total, with a link strength of 6026. This implies that classification algorithms play a crucial part in cybersecurity where their task of identifying malicious activities (e.g., malware, intrusion) is needed. This idea is reinforced by the fact that the strength of the connection with AI also makes us realise that ML methods, like supervised learning techniques, are significant in cybersecurity. The third most frequent keyword is ‘Intrusion Detection System’ (IDS), which has 422 uses and 5499 link strength. The detection of unauthorised access or network threats is a core area of cybersecurity, and IDS reflects the continued importance of this activity. This keyword’s placement at the top emphasises the trend to build real-time, automated systems that detect and neutralise intrusions, sometimes with machine learning.
Malicious software (malware), which appeared 317 times with a link strength of 3798, has become a growing concern for cybersecurity threats. Other keywords often containing the word malware (e.g., AI, classifiers, intrusion detection) suggest that malware is relevant to multiple aspects of cybersecurity research. The strength of the connection between malware and the above technologies signals a concerted approach to deploying more advanced algorithms to contend with it.
Another keyword, “Integration”, was found 263 times, describing the rising interest in integrating various technologies and systems into cybersecurity frameworks. Given the criticality of integration for next-generation security systems involving sophisticated machine learning models, diverse detection techniques, and response strategies, it is crucial to address the complexities created by heterogeneity in accepting, handling, and managing data [18]. With its focus on integration, this shift suggests that holistic and connected responses to cybersecurity problems are the way to move forward.
The sixth position is the convolutional neural network (CNN), which has 254 observations and a link strength of 3316. CNNs are particularly suited for pattern recognition tasks in cybersecurity, such as image analysis in malware detection or network traffic monitoring. Although the number of times it occurs is much less than keywords such as AI or classifiers, it shows that CNN is becoming part of advanced ML and DL learning models for cybersecurity.
Feature selection appears 248 times, with a link strength of 3391. The relevance of this keyword in the table is critical to optimising models for cybersecurity tasks, namely using only the most appropriate data for analysis.
Numerous classic machine learning algorithms are used in cybersecurity for classification tasks, e.g., detecting intrusions or identifying threats; among them are decision tree (210 occurrences) and support vector machine (SVM) (202 occurrences). While the number of occurrences is relatively lower than CNNs or AI, one might suspect recent research to lean more towards complex models. Yet, decision trees and SVMs serve some integral purpose in specific applications. Here, “Physical System” is ranked tenth, with 160 occurrences. The phenomenon is also expressed in Figure 6 below.
This keyword occurs less frequently with the present study’s search query. However, it represents an emerging research space that overlaps with cybersecurity, primarily related to the Internet of Things (IoT) and how ML models can inform physical infrastructure. By looking at the frequency of this keyword, we can express that it may be less cosmic and a more tiny or emerging area of study than traditional cybersecurity interests. However, in a more significant implication, cyber-physical systems are a hot research area in today’s world of cybersecurity.

4.9. Co-Authorship Network of Most Productive Countries

The findings also highlight the co-authorship network among the top-performing productive countries. Using the table in the “Country Co-Authorship Network of Top Productive Countries”, a detailed review of the most productive countries in cybersecurity and machine learning/deep learning (ML/DL) research is performed. Table 7 presents countries in order of the total number of publications, citations, and link strength. It provides a glimpse into international collaborations and the influence of different countries in the field.
Moreover, Figure 7 shows global contributions to cybersecurity and ML/DL research. Countries like the USA, Australia and China are the leading countries. The maximum number of indexed papers is from these countries, and the citation rate is also high. The emerging nations, including Saudi Arabia and India, are making more contributions and profiles in the worldwide research system. Cooperation, which can also be measured by the total link strength of the organisation, is essential to emphasise the leap of progress in cybersecurity and ML/DL through international partnership. However, one must also factor in the quality of the produced research, as evidenced by the difference in citation counts, while employing the number of publications as a measure of research output. Therefore, although the USA and Australia ranked highest in publications and citations, other countries are coming up fast and writing more.

4.10. Most-Cited Countries and Their Publications

Australia ranks with 19,977 citations, a very slight distance from the USA with 19,051 citations. This implies that Australia is well represented in the field and participates in several kinds of research. However, it is always good to note that although there are more publications from Australia, it is visible that research from the USA is potentially having a more significant impact, as revealed by the citation data. The citation represents the degree of visibility and the utility of research by scholars from various countries.
China is the third on the list, with 12,094 citations. However, as presented here, China has fewer ML/DL and cybersecurity citations than Australia and the USA. Still, it is growing, and the citation records suggest that the research is making a growing impact. The total link strength, which tends to give insight into the connection between a country’s research output and other nations, displays the degree of collaboration. These collaborations, together with China’s increased participation and its place within these international co-authorship networks, highlight the fact that more members of the academic community are recognising and engaging with Chinese research.
The United Kingdom is fourth with 10,994 citations, which indicates European countries’ dominance. However, the number of such publications differs significantly between the countries, with the USA and Australia boasting more prominent citation scores than their publications. This indicates that even though the UK produced numerous publications in human resource management, its research might not have been as impactful internationally.
Saudi Arabia is in fifth position with 9281 citations, while India stands in sixth with 8072. A particular focus should be placed on Saudi Arabia as it underlines its increased participation in exploring cybersecurity and ML/DL research with support from the institutional framework and funding of advanced technologies. India, although lagging slightly, is emerging as a force in the research area, emphasising the cost-effectiveness of solutions that address cybersecurity issues, particularly in the context of developing countries. Other countries with appreciable contributions include Spain, Canada, Pakistan, and Italy, ranked seventh to tenth. For example, Spain comes seventh with 6952 citations, showing its moderate activity within the field. However, it still does not reach countries such as the USA and Australia in terms of citations. Canada and Pakistan show considerable engagement, but their research influence, as reflected in citations, might not be as widespread as that of the USA or China (see Table 8).

4.11. Authors Co-Authorship Network

The “Authors Map”, created with VOSviewer, presents the network and connections between authors in cybersecurity, machine learning, and deep learning. VOSviewer also constructs and analyses bibliographic networks, which helps students and researchers investigate collaboration and publication trends.
Figure 8 represents the most influential authors in the current domain and provides a rough idea of the most active authors. This brings out other researchers, such as Jawad Ahmad, Walid El-Shafai, Iqbal H. Sarker, and so on, who play an essential role in the field. They are involved in various papers, meaning they are quoted or work closely with other writers quite often, which means they contribute significantly to the body of knowledge.
Finally, the diversity of authors also brings considerable collaboration between institutions and countries at a normal level. For instance, authors from Saudi Arabia, India, Australia, and the USA prove that the research world is not limited. This global collaboration is needed as people gather different approaches and significant ideas for developing cybersecurity and ML/DL. Nevertheless, the list also indicates the concentration of leading scholars. If only a few authors are presented on the map, it can mean that few authors are in the field or that only a few key scholars are frequently cited. This can sometimes cause redundancy or slow down the generation of new ideas. In addition, while the map indicates who is publishing, it does not shed as much light on what is being published, whether or not it is of high quality and perceived as impactful or whether an individual is a lead author or co-author among others.
Another factor one must consider is the distribution of male/female writers since gender parity is a contentious academic issue. By referring to the names displayed in this map, one has to agree that there seem to be gender differences, where most names are male. This raises questions about gender representation in research, mainly in technology disciplines such as cybersecurity and ML/DL. Finally, the “Authors Map” can locate interactions and groups of authors probably working on the same ideas. However, it is essential to note that the VOSviewer gives a clear nexus of author ties. Still, it does not account for the relation type and whether it is academic, interdisciplinary, or industrial.

4.12. Yearly Publications by Top 10 Journals

Though the “yearly publications by top-ten Journals” data offer essential insight into the structure of cybersecurity, ML, and DL, we focused on the data related to 2016 to 2025. The data include publications from ten prominent journals: Journal of Applied Sciences, Computers and Electrical Engineering, Computers and Security, Computer, Materials and Continua, Electronics, Future Internet, IEEE Access, IEEE Internet of Things Journal, International Journal of Advanced Computer Science and Applications, and Sensors as presented in Figure 9.
Based on the information from the analysed journals, this general trend presupposes an increase in publications starting from 2018. This means there was a moderate increase in interest and demand for conducting cybersecurity and ML/DL research. The upward trend demonstrates the significance of these fields in meeting today’s technological phenomena, with more writers contributing their articles to quality journals.
Some journals, such as IEEE Access and Sensors, saw activity increase sharply in 2019–2020. This could be attributed to heightened awareness of the uses of ML/DL in cybersecurity, especially since industries began ramping up their digitisation and the call for effective shielding of IT systems became keener during this period.
IEEE Access appears to have had a significantly high number of published articles recently, which supports the argument that this journal is at the forefront of transmitting new knowledge. In the same way, yet still slightly below the top 15, Sensors also produces a considerable amount of content, which can be attributed to the rising popularity of IoT and intelligent security networks involving sensors.
On the other hand, the Future Internet and Computers and Security journal may have a lower growth rate. This indicates that more focused areas of cybersecurity and ML/DL activities may receive fewer submissions than IoTs and applied sciences.
Most of the journals in the sample exhibit an overall increase in publications. Still, it is also evident that some journals act as if they are reaching their troughs or, at best, slow plateaus following their years of highest productivity. For instance, Computers and Electrical Engineering and Electronics from Switzerland show sectors where publications stop growing or shrink over time. This could mean an oversaturation in the explored research issues or that researchers have switched preferences to other journals that publish more modern or highly significant studies.

5. Discussion

Modern cybersecurity research combining ML and DL creates new waves of international cooperation, interdisciplinary techniques, and state-of-the-art defensive strategies. The same AI-based protective measures researchers worldwide operate to defend networks and data allow attackers to optimise their malicious methods. A dual-use reality between researchers and attackers has initiated a worldwide technological advancement, manifesting through rising publications and improved research topics involving side-channel attacks, blockchain defences, and adversarial learning. The field is expanding through heightened scholarly output backed by broad geographic participation and vital keyword clusters consisting of AI, classifiers, IDS, and CNNs. The growing complexity of cybersecurity demands teams to unite experts across multiple domains, including legal and ethical fields and the social sciences, to create complete cybersecurity solutions. Scholarly research output has continually expanded from 2016 to 2025, thus marking the essential position that characterises this domain and demonstrating its ongoing growth, enabled by computer threats and AI applications.

5.1. Global Involvement and Interdisciplinary Collaborations

The research on cybersecurity utilising ML and DL reaches global scope because authors participating from 114 nations collaborated mutually, as excerpted in Figure 7. The current complexity of modern cyber threats exceeds technical difficulties; hence, cross-border and interdisciplinary partnerships prove indispensable. The combination of international organisations enables scientific teams to share talents with resources and research materials, resulting in the faster discovery of security innovations for identifying threats, evaluating weaknesses and enhancing privacy measures.
Social sciences and ethical and legal frameworks should unite with technical perspectives to address fundamental socio-technical matters, including AI decision accountability standards and ethical rules for extensive user data collection and privacy compliance frameworks. Various documented cooperative programs, such as global cyber operations ranges and joint protection systems for threat detection, demonstrate how expertise in technical and policy domains generates technologically solid and societally harmonised solutions. The combination of cybersecurity specialists and legal scholars has led to clear data protection definitions, and sociologists and psychologists have brought forward strategies to handle insider threats. Effective cybersecurity surpasses technical know-how since it needs comprehensive solutions, which unite ethical, legal, and societal perspectives.

5.2. Use of ML/DL Methods in Cybersecurity Research by Attackers and Defenders

Both cyber defence entities and attackers depend increasingly on ML/DL models to enhance their automatic approaches in their strategies. The organisations utilise real-time intrusion detection systems (IDSs), adaptive malware analysis, and large-scale network anomaly detection as their main protective functions. Manufacturers leverage SVM and decision trees alongside CNNs to analyse vast traffic or log data because these classification tools exceed traditional anomaly detection rules. The ability of ML-driven models to learn from recent data acquisitions allows them to effectively detect new threats in zero-day exploit scenarios.
Support vector machines (SVMs) and convolutional neural networks (CNNs) have considerably impacted organisations’ cybersecurity systems. SVMs are comprehensively applied in cybersecurity for their efficiency in structured and high-dimensional feature classification tasks such as IDS for detecting distributed denial of service attacks, malware classification using features like network behaviour, and network anomaly detection to detect abnormal network traffic patterns. In contrast, CNNs are effective for unstructured and multidimensional data in malware detection by image-based techniques and intrusion detection by analysing network traffic data.
Cybercriminals utilise ML/DL to create attacks, which have become more sophisticated than before. The Prabhu Kavin, Karki [60], and Anwar [53] academic works demonstrate that hackers employ ML techniques to disclose private user data by studying side-channel frequency interactions. Growing research shows how electromagnetic side-channel analysis of in-display fingerprint sensors combined with GenAI models and sensor analysis techniques enables adversaries to recover fingerprints, as presented in “Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel” [61] and “Accear: Accelerometer acoustic eavesdropping with unconstrained vocabulary” [62]. Through these abilities, attackers develop better ways to evade detection, producing polytopic malware and launching massive human-plausible phishing operations. Security researchers now invest their work in developing adversarial training systems, blockchain validation, and strong data sanitisation techniques to confront modern threats [63,64,65].
Adversarial learning techniques, such as the fast gradient sign method and projected gradient descent, facilitate intrusion detection, malware classification, and facial recognition. The key purpose of adversarial training is to enhance model resistance against attacks. On the other hand, federated learning helps minimise risks, provides resistance from poisoning attacks, and learns from evolving cyber threats. Security efforts evolve through an escalating competition between offensive and defensive ML/DL applications, continually impacting the cybersecurity environment.

5.3. Sequential Growth and Trends in Publications from 2016 to 2025

A bibliographic study of cybersecurity studies reveals an increasing trend of research on ML/DL applications within the field from 2016 up to 2025, as shown in Figure 2 and Figure 5. Yearly growth data demonstrate how theoretical work on new architecture and algorithm structures, practical IoT security, and other applications expand continuously in the field. The ongoing growth demonstrates a widespread belief that ML/DL will continue strengthening cybersecurity infrastructure, which protects conventional networks, emerging smart cities, healthcare systems, and autonomous vehicles.
The upward publication trajectory points to several promising avenues from a future potential standpoint. Research experts work on explainable AI technology alongside federated learning for privacy-conscious decentralised training systems and quantum-resistant cryptographic solutions to protect against quantum computing developments. Advanced attack vectors mature large language models, and other generative artificial intelligence applications requiring stronger defensive solutions will likely appear. Cybersecurity publications indicate that research activities will grow by uniting different fields to achieve innovative solutions that abide by rules and ethical principles.

5.4. Research Trends and Patterns by Comprehensive Keyword Analysis

Table 6 and Figure 6 demonstrate that artificial intelligence is the dominant term. It dominates various cybersecurity operations, from anomaly identification to real-time threat awareness. Artificial intelligence is closely connected with classifiers and intrusion detection systems, demonstrating how supervised learning models detect network traffic malice and system intrusion activity. The ongoing refinement of datasets for better classification accuracy involves continuously developing malware variants that necessitate dynamic, optimised modelling approaches according to malware and feature selection mentions.
Convolutional neural network joins other important keywords to prove deep learning’s key role in processing complex data types, such as images for malicious code display or time-series signals for network analytics purposes. The identified top keywords show evidence that security experts unite different defence mechanisms to create extensive security solutions that integrate heuristic methods with ML classifiers and sensor networks with blockchain-based identity management systems. The increase in physical systems research reflects ongoing efforts to link investigations between IoT devices, critical infrastructure and industrial control networks. These keywords demonstrate how cybersecurity research expands towards multiple goals, requiring ML/DL applications and futuristic protections involving multi-level security measures and real-time information systems.

6. Conclusions

This study offers a wide-ranging bibliometric analysis of the intersection between cybersecurity, ML and DL, delineating rapid progress, essential contributors, and landmark publications in this area. A study of 3712 publications by 2865 researchers passing through 160 organisations and 159 sources shows the dynamic and interdisciplinary nature of research efforts to meet changing cybersecurity challenges.
Most striking is the significant global involvement in this field, with contributions from 114 countries. Saudi Arabia was a leader in organisational representation and the most prominent among the authors. Princess Nourah Bint Abdulrahman University and King Abdulaziz University are leading some serious academic output that firmly cements Saudi Arabia as a place to watch for cybersecurity research. The degree of this regional dominance underscores the need for sustained investment in educational and research efforts to investigate contemporary cybersecurity threats.
The prolific contributions of individual researchers such as I.H. Sarker, N. Moustafa, and G. Srivastava reflect the critical role of dedicated expertise in advancing knowledge and practical applications in cybersecurity and ML/DL. Their extensive work provides a foundation for ongoing and future research, driving innovation in detecting, mitigating, and preventing security threats.
Leading journals such as IEEE Access, Sensors and Applied Sciences Switzerland are expanding their publications to promote interdisciplinary knowledge. Exhibiting a range of diversity from engineering and sensor technology to security systems and AI applications is necessary for handling cybersecurity challenges. Moreover, this analysis highlights the profound effect of seminal works, such as “Review of Deep Learning: concepts, CNN Architectures, challenges, applications, Future Directions” and “Machine Learning: Algorithms, Real-World Applications and Research Directions”. The highly cited papers that are foundation texts always explore core concepts, techniques and applications in ML/DL for cybersecurity and, thus, contribute to how research should be conducted. Their influence shows that extensive, well-recorded research is contagious in making improvements across various fields.
The cybersecurity and ML DL research is interdisciplinary, based on the analysis discussed in this paper. Finally, it is demonstrated how innovative approaches for countering complex threats, such as artificial intelligence, blockchain, and adversarial learning, have been integrated into cybersecurity strategies. Cyber-attacks are consistently growing in scale and sophistication, and the use of ML/DL to power more adaptive and resilient systems is becoming all the more critical.
The direction of this study also points us towards an essential need for continued collaboration between researchers, organisations, and publishing platforms. Research efforts show promise for continued innovation, and the global distribution of those efforts indicates promise for continued innovation in emerging areas, like quantum-safe cryptography, autonomous cybersecurity systems, and ethical AI. However, the field also has challenges, including ensuring that research resources are accessible equitably and navigating the moral implications of deploying advanced ML/DL techniques in sensitive cybersecurity situations.
Finally, the results of this bibliometric analysis highlight the substantial advances in utilising ML and DL techniques for cybersecurity. This study identifies key contributors, trends and influential Public Space Research, laying a roadmap for future research and innovation. Continued global collaboration and investment in this field will be indispensable to keep a step ahead of upcoming threats and keep digital infrastructures safe and resilient around the globe.

6.1. Future Implications

The constant rise in publications might indicate that the research community anticipates these areas will remain significant. Projections to 2024, 2025, and beyond point to a further or even more considerable amount of publishing on these topics. This growth follows the increasing demand for cybersecurity worldwide, especially in AI, ML, and IoT development.

6.2. Practical Implications

As a direct result of this bibliometric analysis, new insights offer practical value to practitioners, policymakers, and stakeholders who aim to improve their cybersecurity strategies with ML and DL methods. The study findings serve as a guide for policymakers to implement ML-driven cybersecurity solutions in the cybersecurity infrastructure.
This study shows 114 countries participated, indicating ML/DL expertise and solutions available to address local situations. The global research perspective presents finance managers, healthcare providers, and critical infrastructure operators with the opportunity to elevate their performance by studying front-running institution methodologies, especially in fields such as real-time intrusion detection, malware categorisation, and adversarial protection. Insights from this research enable organisations to develop internal AI systems better while building up their workforce capabilities through data science education, security analyst training, and implementing broad, sophisticated security approaches fit for digitalisation.
The interdisciplinary character of cybersecurity research supports policy creation and the development of regulations that integrate technology, legal standards, and ethical practices. Modern AI architectural frameworks and blockchain security approaches require standardised guidelines and frameworks for protecting automated security operations data while preserving privacy and ensuring responsibility. Governments should team up with academic institutions, including those institutions from the study’s top rankings, to establish policies that promote responsible innovation through evidence-based methods. The advancement of adversarial ML requires strict protocols to validate AI-driven cybersecurity tools because these measures must ensure transparent operation alongside resistance to manipulations while maintaining fairness. Additionally, the ML model required significant computational resources when processing multidimensional and vast data for cyberthreat detection. Policymakers who develop educated legislative guidelines and establish industry partnerships can rapidly turn innovative research into practical cybersecurity solutions for advanced online threats.

6.3. Study Limitations

This significant growth in publications in all these journals indicates a positive trend towards progress in the cybersecurity and ML/DL fields. However, the data do not indicate the degree of influence these publications have. For example, the focus could be on the sheer volume of published articles without considering the impact of citations, which would better indicate how these studies affect the field.

Author Contributions

Conceptualization, K.R. and M.S.; methodology, K.R.; validation, K.R. and M.S. formal analysis, K.R.; investigation, K.R.; resources, K.R.; data curation, K.R.; writing—original draft preparation, K.R.; writing—review and editing, K.R.; visualisation, K.R.; supervision, M.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Khan, A.; Gupta, S.; Gupta, S.K. Multi-hazard disaster studies: Monitoring, detection, recovery, and management, based on emerging technologies and optimal techniques. Int. J. Disaster Risk Reduct. 2020, 47, 101642. [Google Scholar]
  2. Razzaq, K.; Shah, M. Machine Learning and Deep Learning Paradigms: From Techniques to Practical Applications and Research Frontiers. Computers 2025, 14, 93. [Google Scholar] [CrossRef]
  3. Nassar, A.; Kamal, M. Machine Learning and Big Data analytics for Cybersecurity Threat Detection: A Holistic review of techniques and case studies. J. Artif. Intell. Mach. Learn. Manag. 2021, 5, 51–63. [Google Scholar]
  4. Ertel, W. Introduction to Artificial Intelligence; Springer Nature: Delhi, India, 2024. [Google Scholar]
  5. Sarker, I.H. Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective. Sn Comput. Sci. 2021, 2, 154. [Google Scholar]
  6. Dasgupta, D.; Akhtar, Z.; Sen, S. Machine learning in cybersecurity: A comprehensive survey. J. Def. Model. Simul. 2022, 19, 57–106. [Google Scholar]
  7. Tirulo, A.; Chauhan, S.; Dutta, K. Machine learning and deep learning techniques for detecting and mitigating cyber threats in IoT-enabled smart grids: A comprehensive review. Int. J. Inf. Comput. Secur. 2024, 24, 284–321. [Google Scholar] [CrossRef]
  8. Riese, F.M.; Keller, S. Supervised, semi-supervised, and unsupervised learning for hyperspectral regression. Hyperspectral Image Anal. Adv. Mach. Learn. Signal Process. 2020, 187–232. [Google Scholar]
  9. Nasir, V.; Sassani, F. A review on deep learning in machining and tool monitoring: Methods, opportunities, and challenges. Int. J. Adv. Manuf. Technol. 2021, 115, 2683–2709. [Google Scholar] [CrossRef]
  10. Maddireddy, B.R.; Maddireddy, B.R. Advancing Threat Detection: Utilizing Deep Learning Models for Enhanced Cybersecurity Protocols. Rev. Esp. Doc. Cient. 2024, 18, 325–355. [Google Scholar]
  11. Alevizos, L.; Dekker, M. Towards an AI-enhanced cyber threat intelligence processing pipeline. Electronics 2024, 13, 2021. [Google Scholar] [CrossRef]
  12. Chawla, A. Training and Inference Time Complexity of 10 ML Algorithms. In Daily Dose of Data Science; dailydoseofds, Ed.; Daily Dose of Data Science: Delhi, India, 2024; Volume 2025. [Google Scholar]
  13. Achuthan, K.; Ramanathan, S.; Srinivas, S.; Raman, R. Advancing cybersecurity and privacy with artificial intelligence: Current trends and future research directions. Front. Big Data 2024, 7, 1497535. [Google Scholar] [CrossRef]
  14. Maddireddy, B.R.; Maddireddy, B.R. Enhancing Endpoint Security through Machine Learning and Artificial Intelligence Applications. Rev. Esp. Doc. Cient. 2021, 15, 154–164. [Google Scholar]
  15. Khaleel, Y.L.; Habeeb, M.A.; Albahri, A.; Al-Quraishi, T.; Albahri, O.; Alamoodi, A. Network and cybersecurity applications of defense in adversarial attacks: A state-of-the-art using machine learning and deep learning methods. J. Intell. Syst. 2024, 33, 20240153. [Google Scholar]
  16. Amodei, A.; Capriglione, D.; Ferrigno, L.; Miele, G.; Tomasso, G.; Cerro, G. A rule-based approach for detecting heartbleed cyber attacks. In Proceedings of the 2022 IEEE International Symposium on Measurements & Networking (M&N), Padua, Italy, 18–20 July 2022; pp. 1–6. [Google Scholar]
  17. Paramesha, M.; Rane, N.L.; Rane, J. Artificial intelligence, machine learning, and deep learning for cybersecurity solutions: A review of emerging technologies and applications. Partn. Univers. Multidiscip. Res. J. 2024, 1, 84–109. [Google Scholar] [CrossRef]
  18. Salem, A.H.; Azzam, S.M.; Emam, O.; Abohany, A.A. Advancing cybersecurity: A comprehensive review of AI-driven detection techniques. J. Big Data 2024, 11, 105. [Google Scholar] [CrossRef]
  19. Naseer, I. The efficacy of Deep Learning and Artificial Intelligence Framework in Enhancing Cybersecurity, Challenges and Future Prospects. Innov. Comput. Sci. J. 2021, 7, 1. [Google Scholar]
  20. Ozkan-Okay, M.; Akin, E.; Aslan, Ö.; Kosunalp, S.; Iliev, T.; Stoyanov, I.; Beloev, I. A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security Solutions. IEEE Access 2024, 12, 12229–12256. [Google Scholar] [CrossRef]
  21. Salloum, S.A.; Alshurideh, M.; Elnagar, A.; Shaalan, K. Machine learning and deep learning techniques for cybersecurity: A review. In The International Conference on Artificial Intelligence and Computer Vision; Springer: Berlin/Heidelberg, Germany, 2020. [Google Scholar]
  22. Ghillani, D. Deep learning and artificial intelligence framework to improve the cyber security. Authorea Preprints 2022. [Google Scholar]
  23. Sajid, M.; Malik, K.R.; Almogren, A.; Malik, T.S.; Khan, A.H.; Tanveer, J.; Rehman, A.U. Enhancing intrusion detection: A hybrid machine and deep learning approach. J. Cloud Comput. 2024, 13, 123. [Google Scholar]
  24. Alzonem, F.; Albrecht, G.; Castellanos, D.; Vandermeer, M.; Stansfield, B. Ransomware Detection Using Convolutional Neural Networks and Isolation Forests in Network Traffic Patterns. 2024. Available online: https://www.researchsquare.com/article/rs-5278706/v1 (accessed on 19 March 2025).
  25. Alam, M.N.; Sarma, D.; Lima, F.F.; Saha, I.; Hossain, S. Phishing attacks detection using machine learning approach. In Proceedings of the 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India, 20–22 August 2020; pp. 1173–1179. [Google Scholar]
  26. Mughaid, A.; AlZu’bi, S.; Hnaif, A.; Taamneh, S.; Alnajjar, A.; Elsoud, E.A. An intelligent cyber security phishing detection system using deep learning techniques. Clust. Comput. 2022, 25, 3819–3828. [Google Scholar]
  27. Tamal, M.A.; Islam, M.K.; Bhuiyan, T.; Sattar, A.; Prince, N.U. Unveiling suspicious phishing attacks: Enhancing detection with an optimal feature vectorization algorithm and supervised machine learning. Front. Comput. Sci. 2024, 6, 1428013. [Google Scholar]
  28. Gupta, D.; Rani, R. Improving malware detection using big data and ensemble learning. Comput. Electr. Eng. 2020, 86, 106729. [Google Scholar]
  29. Abbasi, M.; Shahraki, A.; Taherkordi, A. Deep learning for network traffic monitoring and analysis (NTMA): A survey. Comput. Commun. 2021, 170, 19–41. [Google Scholar] [CrossRef]
  30. Boppiniti, S.T. Data Ethics in AI: Addressing Challenges in Machine Learning and Data Governance for Responsible Data Science. Int. Sci. J. Res. 2023, 5, 1–29. [Google Scholar]
  31. Daneshjou, R.; Smith, M.P.; Sun, M.D.; Rotemberg, V.; Zou, J. Lack of transparency and potential bias in artificial intelligence data sets and algorithms: A scoping review. JAMA Dermatol. 2021, 157, 1362–1369. [Google Scholar]
  32. Deekshith, A. Data engineering for AI: Optimizing data quality and accessibility for machine learning models. Int. J. Manag. Educ. Sustain. Dev. 2021, 4, 1–33. [Google Scholar]
  33. Liang, W.; Tadesse, G.A.; Ho, D.; Fei-Fei, L.; Zaharia, M.; Zhang, C.; Zou, J. Advances, challenges and opportunities in creating data for trustworthy AI. Nat. Mach. Intell. 2022, 4, 669–677. [Google Scholar] [CrossRef]
  34. Mukhamediev, R.I.; Popova, Y.; Kuchin, Y.; Zaitseva, E.; Kalimoldayev, A.; Symagulov, A.; Levashenko, V.; Abdoldina, F.; Gopejenko, V.; Yakunin, K. Review of artificial intelligence and machine learning technologies: Classification, restrictions, opportunities and challenges. Mathematics 2022, 10, 2552. [Google Scholar] [CrossRef]
  35. Razzaq, K.; Shah, M. Barriers to Implementing ML for Cybercrime Prevention in Online Retailing. In Proceedings of the First Saudi Conference on Information Systems (SaudiCIS), King Fahd University of Petroleum and Minerals in Dhahran, Saudi Arabia, 19–21 November 2024. [Google Scholar]
  36. Ali, A.; Shah, M. What Hinders Adoption of Artificial Intelligence for Cybersecurity in the Banking Sector. Information (2078-2489) 2024, 15, 760. [Google Scholar]
  37. Ali, A.; Shah, M.; Foster, M.; Alraja, M.N. Cybercrime Resilience in the Era of Advanced Technologies: Evidence from the Financial Sector of a Developing Country. Computers 2025, 14, 38. [Google Scholar] [CrossRef]
  38. Ding, W.; Abdel-Basset, M.; Hawash, H.; Ali, A.M. Explainability of artificial intelligence methods, applications and challenges: A comprehensive survey. Inf. Sci. 2022, 615, 238–292. [Google Scholar] [CrossRef]
  39. Sooryamoorthy, R. Scientometrics for the Humanities and Social Sciences; Routledge: Brighton, UK, 2020. [Google Scholar]
  40. Abdullah, K.H.; Sofyan, D. Machine learning in safety and health research: A scientometric analysis. Int. J. Inf. Sci. Manag. (IJISM) 2023, 21, 17–37. [Google Scholar]
  41. Wu, D.; Li, Y.; Kong, H.; Meng, T.; Sun, Z.; Gao, H. Scientometric analysis-based review for drought modelling, indices, types, and forecasting especially in Asia. Water 2021, 13, 2593. [Google Scholar] [CrossRef]
  42. Kastrin, A.; Hristovski, D. Scientometric analysis and knowledge mapping of literature-based discovery (1986–2020). Scientometrics 2021, 126, 1415–1451. [Google Scholar] [CrossRef]
  43. Ajala, O.A.; Okoye, C.C.; Ofodile, O.C.; Arinze, C.A.; Daraojimba, O.D. Review of AI and machine learning applications to predict and Thwart cyber-attacks in real-time. Magna Sci. Adv. Res. Rev. 2024, 10, 312–320. [Google Scholar] [CrossRef]
  44. Balantrapu, S.S. AI for Predictive Cyber Threat Intelligence. Int. J. Manag. Educ. Sustain. Dev. 2024, 7, 1–28. [Google Scholar]
  45. Imtiaz, M.A.; Razzaq, K.; Javed, M.A.; Masood, H.; Yousaf, H.F.; Siddique, H. An Enhanced Data Protection and Security based on Machine Learning: Deep Analysis on Threat Mitigation, Challenges in Internet of Medical Things (IoMTs). Spectr. Eng. Sci. 2025, 3, 496–521. [Google Scholar]
  46. Kumar, T.G.; Singh, K.; Ranjan, A.; Rai, S. Publication trend in library philosophy and practice (e-journal): A scientometric approach. Libr. Philos. Pract. 2020, 1, 1–14. [Google Scholar]
  47. Baas, J.; Schotten, M.; Plume, A.; Côté, G.; Karimi, R. Scopus as a curated, high-quality bibliometric data source for academic research in quantitative science studies. Quant. Sci. Stud. 2020, 1, 377–386. [Google Scholar] [CrossRef]
  48. Macedo, M.; Siqueira, H.; Figueiredo, E.; Santana, C.; Lira, R.C.; Gokhale, A.; Bastos-Filho, C. Overview on binary optimization using swarm-inspired algorithms. IEEE Access 2021, 9, 149814–149858. [Google Scholar] [CrossRef]
  49. Van Eck, N.J.; Waltman, L. Citation-based clustering of publications using CitNetExplorer and VOSviewer. Scientometrics 2017, 111, 1053–1070. [Google Scholar] [PubMed]
  50. Alzubaidi, L.; Zhang, J.; Humaidi, A.J.; Al-Dujaili, A.; Duan, Y.; Al-Shamma, O.; Santamaría, J.; Fadhel, M.A.; Al-Amidie, M.; Farhan, L. Review of deep learning: Concepts, CNN architectures, challenges, applications, future directions. J. Big Data 2021, 8, 53. [Google Scholar] [PubMed]
  51. Sarker, I.H. Machine learning: Algorithms, real-world applications and research directions. SN Comput. Sci. 2021, 2, 160. [Google Scholar] [CrossRef] [PubMed]
  52. Sarker, I.H. Deep learning: A comprehensive overview on techniques, taxonomy, applications and research directions. Sn Comput. Sci. 2021, 2, 420. [Google Scholar]
  53. Alom, M.Z.; Taha, T.M.; Yakopcic, C.; Westberg, S.; Sidike, P.; Nasrin, M.S.; Hasan, M.; Van Essen, B.C.; Awwal, A.A.; Asari, V.K. A state-of-the-art survey on deep learning theory and architectures. Electronics 2019, 8, 292. [Google Scholar] [CrossRef]
  54. Sallam, M. ChatGPT utility in healthcare education, research, and practice: Systematic review on the promising perspectives and valid concerns. Healthcare 2023, 11, 887. [Google Scholar]
  55. Biggio, B.; Roli, F. Wild patterns: Ten years after the rise of adversarial machine learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 2154–2156. [Google Scholar]
  56. Xin, Y.; Kong, L.; Liu, Z.; Chen, Y.; Li, Y.; Zhu, H.; Gao, M.; Hou, H.; Wang, C. Machine learning and deep learning methods for cybersecurity. IEEE Access 2018, 6, 35365–35381. [Google Scholar] [CrossRef]
  57. Diro, A.A.; Chilamkurti, N. Distributed attack detection scheme using deep learning approach for Internet of Things. Future Gener. Comput. Syst. 2018, 82, 761–768. [Google Scholar]
  58. Salah, K.; Rehman, M.H.U.; Nizamuddin, N.; Al-Fuqaha, A. Blockchain for AI: Review and open research challenges. IEEE Access 2019, 7, 10127–10149. [Google Scholar]
  59. Hasan, M.; Islam, M.M.; Zarif, M.I.I.; Hashem, M. Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 2019, 7, 100059. [Google Scholar]
  60. Prabhu Kavin, B.; Karki, S.; Hemalatha, S.; Singh, D.; Vijayalakshmi, R.; Thangamani, M.; Haleem, S.L.A.; Jose, D.; Tirth, V.; Kshirsagar, P.R. Machine Learning-Based Secure Data Acquisition for Fake Accounts Detection in Future Mobile Communication Networks. Wirel. Commun. Mob. Comput. 2022, 2022, 6356152. [Google Scholar]
  61. Ni, T.; Zhang, X.; Zhao, Q. Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Melbourne, VIC, Australia, 10–14 July 2023; pp. 253–267. [Google Scholar]
  62. Hu, P.; Zhuang, H.; Santhalingam, P.S.; Spolaor, R.; Pathak, P.; Zhang, G.; Cheng, X. Accear: Accelerometer acoustic eavesdropping with unconstrained vocabulary. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 23–25 May 2022; pp. 1757–1773. [Google Scholar]
  63. Aurangzeb, M.; Wang, Y.; Iqbal, S.; Naveed, A.; Ahmed, Z.; Alenezi, M.; Shouran, M. Enhancing cybersecurity in smart grids: Deep black box adversarial attacks and quantum voting ensemble models for blockchain privacy-preserving storage. Energy Rep. 2024, 11, 2493–2515. [Google Scholar]
  64. Dibaei, M.; Zheng, X.; Xia, Y.; Xu, X.; Jolfaei, A.; Bashir, A.K.; Tariq, U.; Yu, D.; Vasilakos, A.V. Investigating the prospect of leveraging blockchain and machine learning to secure vehicular networks: A survey. IEEE Trans. Intell. Transp. Syst. 2021, 23, 683–700. [Google Scholar] [CrossRef]
  65. Verma, A.; Bhattacharya, P.; Madhani, N.; Trivedi, C.; Bhushan, B.; Tanwar, S.; Sharma, G.; Bokoro, P.N.; Sharma, R. Blockchain for industry 5.0: Vision, opportunities, key enablers, and future directions. IEEE Access 2022, 10, 69160–69199. [Google Scholar] [CrossRef]
Figure 1. Document search framework.
Figure 1. Document search framework.
Jcp 05 00012 g001
Figure 2. Trends in cybersecurity and ML/DL literature.
Figure 2. Trends in cybersecurity and ML/DL literature.
Jcp 05 00012 g002
Figure 3. Document types of cybersecurity and ML/DL literature.
Figure 3. Document types of cybersecurity and ML/DL literature.
Jcp 05 00012 g003
Figure 4. Subject area of cybersecurity and ML/DL literature.
Figure 4. Subject area of cybersecurity and ML/DL literature.
Jcp 05 00012 g004
Figure 5. Documents by source during 2016-2025.
Figure 5. Documents by source during 2016-2025.
Jcp 05 00012 g005
Figure 6. Cybersecurity and ML/DL research cluster network map (by keyword occurrences).
Figure 6. Cybersecurity and ML/DL research cluster network map (by keyword occurrences).
Jcp 05 00012 g006
Figure 7. Country co-authorship network of top 10 countries.
Figure 7. Country co-authorship network of top 10 countries.
Jcp 05 00012 g007
Figure 8. Authors co-authorship network.
Figure 8. Authors co-authorship network.
Jcp 05 00012 g008
Figure 9. Yearly publication of top 10 journals.
Figure 9. Yearly publication of top 10 journals.
Jcp 05 00012 g009
Table 1. ML model’s time complexity.
Table 1. ML model’s time complexity.
Sr. No.ML AlgorithmsTrainingInference
1Linear Regression (OLS) O ( n m 2 + m 3 ) O ( m )
2Linear Regression (SGD) O ( n e p o c h n m ) O ( m )
3Logistic Regression (Binary) O ( n e p o c h n m ) O ( m )
4Logistic Regression (Multiclass OvR) O ( n e p o c h n m c ) O ( m c )
5Decision Tree O ( n log n .   m ) O ( d t r e e )
6Random Forest Classifier O ( d t r e e s n log n .   m ) O ( d t r e e s d t r e e )
7Support Vector Machine O ( n 2 m + n 3 ) O ( m n s v )
8k-Nearest Neighbours- O ( n m )
9Naïve Bayes O ( n m ) O ( m c )
10Principal Component Analysis (PCA) O ( n m 2 + m 3 ) -
11t-SNE O ( n 2 m ) -
12k-Means Clustering O ( i k n m ) -
Source: Daily dose of data science [12].
Table 2. Detailed statistics of collected data.
Table 2. Detailed statistics of collected data.
Data Collection Source Scopus
Time Duration January 2016 to January 2025
Number of Countries114
Final Selection of Articles3712
Unique Authors2865
Total Number of Institutions160
Number of Publishers159
Table 3. Top ten productive authors in cybersecurity and ML/DL research.
Table 3. Top ten productive authors in cybersecurity and ML/DL research.
RankAuthorAffiliation with the OrganisationCountryDocuments%
1Sarker, I.H.Swinburne University of Technology, MelbourneAustralia170.46%
2Moustafa, N.School of Engineering and Information Technology, UNSWAustralia160.43%
2Srivastava, G.Department of Math and Computer Science, Brandon UniversityCanada160.43%
3Motwakel, A.Prince Sattam Bin Abdulaziz UniversitySaudi Arabia150.40%
4Abu Al-Haija, Q.Jordan University of Science and TechnologyJordan130.35%
4Ahmad, J.Faculty of CS and IT, The Superior UniversityPakistan130.35%
4Alrayes, F.S.Princess Nourah Bint Abdulrahman UniversitySaudi Arabia130.35%
4Choraś, M.Bydgoszcz University of Science and TechnologyPoland130.35%
4Conti, M.University of PaduaItaly130.35%
4Kozik, R.Bydgoszcz University of Science and TechnologyPoland130.35%
4Ragab, M.Faculty of Computing and Information Technology, King Abdulaziz UniversitySaudi Arabia130.35%
5Aljameel, S.S.College of Computer and Information Systems, Umm Al-Qura University, MakkahSaudi Arabia120.32%
5Gupta, B.B.Department of Computer Science and Information Engineering, Asia UniversityTaiwan120.32%
5Hilal, A.M.Prince Sattam Bin Abdulaziz UniversitySaudi Arabia120.32%
5Pawlicki, M.Bydgoszcz University of Science and TechnologyPoland120.32%
5Tian, Z.Cyberspace Institute of Advanced Technology, Guangzhou UniversityChina120.32%
Table 4. Top ten productive organisations.
Table 4. Top ten productive organisations.
RankOrganisation/InstitutionTypeCountryDocuments%
1Princess Nourah Bint Abdulrahman UniversityEducational institutionSaudi Arabia872.34%
2King Abdulaziz UniversityEducational institutionSaudi Arabia812.18%
3King Saud UniversityEducational institutionSaudi Arabia802.16%
3Prince Sattam Bin Abdulaziz UniversityEducational institutionSaudi Arabia802.16%
4King Khalid UniversityEducational institutionSaudi Arabia721.94%
5Umm Al-Qura UniversityEducational institutionSaudi Arabia471.27%
6Prince Sultan UniversityEducational institutionSaudi Arabia411.10%
7Deakin UniversityEducational institutionAustralia391.05%
7Lebanese American UniversityEducational institutionLebanon391.05%
7Imam Abdulrahman Bin Faisal UniversityEducational institutionSaudi Arabia391.05%
8Northern Border UniversityEducational institutionSaudi Arabia371.00%
9Vellore Institute of TechnologyEducational institutionIndia360.97%
10King Faisal UniversityEducational institutionSaudi Arabia330.89%
Table 5. Top ten productive publication sources.
Table 5. Top ten productive publication sources.
RankSource/JournalSubject AreaTypeDocuments%
1IEEE AccessEngineering, Technology and InnovationJournal3529.48%
2SensorsSensors Technology, Applications, Artificial Intelligence & wireless sensorsJournal1574.23%
3Applied Sciences SwitzerlandEngineering & Technology, Materials and Environmental Sciences, Biomedical SciencesJournal1072.88%
3Computers and SecurityCybersecurity, System Security, Network and Data securityJournal1072.88%
4Electronics (Switzerland)Electronics, Systems and Communication, Robotics, AutomationJournal952.56%
5Computers, Materials and ContinuaComputer Science, Materials, Engineering and MathematicsJournal852.29%
6International Journal of Advanced Computer Science And ApplicationsArtificial Intelligence, Machine Learning, Data Science, Cybersecurity & RoboticsJournal812.18%
7IEEE Internet of Things JournalIoT Architecture, IoT Protocol, IoT Applications, Interoperability and StandardsJournal551.48%
8Future InternetComputer Networks & Communications, Cybersecurity, Artificial Intelligence & Machine LearningJournal401.08%
9Computers and Electrical EngineeringComputer Science, Electric and Electronics Engineering, Control and SystemsJournal381.02%
10Cluster ComputingComputer Networks & Communications, Cybersecurity, Software SecurityJournal350.94%
Table 6. Top ten most-cited publications in ML/DL by search results.
Table 6. Top ten most-cited publications in ML/DL by search results.
RankTitleAuthorsResearch FocusJournalCitations
1“Review of deep learning: concepts, CNN architectures, challenges, applications, future directions”[50]Deep Learning techniques, CNN Architecture, Major concerns and future trends in DLJournal of Big Data3744
2“Machine Learning: Algorithms, Real-World Applications and Research Directions”[51]Overview of ML Techniques, ML applications and future scopeSN Computer Science2331
3“Deep Learning: A Comprehensive Overview on Techniques, Taxonomy, Applications and Research Directions”[52]DL techniques, applications and threatsSN Computer Science1205
4“A state-of-the-art survey on deep learning theory and architectures”[53]DL algorithms applications and future research directionsElectronics (Switzerland)1172
5“ChatGPT Utility in Healthcare Education, Research, and Practice: Systematic Review on the Promising Perspectives and Valid Concerns”[54]Application of ChatGPT in healthcare settings, challenges, implications and future ImplicationsHealthcare (Switzerland)1110
6“Wild patterns: Ten years after the rise of adversarial machine learning.”[55]Adversarial ML Techniques, Advancements and ConcernsPattern Recognition875
7“Machine Learning and Deep Learning Methods for Cybersecurity”[56]Evaluation of ML and DL in cybersecurityIEEE Access835
8“Distributed attack detection scheme using deep learning approach for Internet of Things”[57]Cyber-attack detection using DLFuture Generation Computer Systems725
9“Blockchain for AI: Review and open research challenges”[58]Blockchain integration with AIIEEE Access677
10“Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches”[59]ML Techniques for Cyber Attacks and Anomaly DetectionInternet of Things (Netherlands)596
Table 7. Top 10 keyword occurrence in cybersecurity and ML/DL literature.
Table 7. Top 10 keyword occurrence in cybersecurity and ML/DL literature.
RankKeywordOccurrencesLinksTotal Link StrengthCluster
1Artificial Intelligence476108858532
2Classifier472108860261
3Intrusion Detection System422106154991
4Malware31794437983
5Integration26397035302
6Convolutional Neural Network25497633163
7Feature Selection24889233911
8Decision Tree21086930051
9Support Vector Machine20286628621
10Physical System16072217824
Table 8. Most-cited countries and their publications.
Table 8. Most-cited countries and their publications.
RankCountryNo. of PublicationsNo. of CitationsTotal Link Strength
1Australia24919,977308
2USA57719,051489
3China49712,094521
4United Kingdom25310,994403
5Saudi Arabia5999281766
6India6528072458
7Spain1386952121
8Canada1775260214
9Pakistan1885256390
10Italy1223422117
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Razzaq, K.; Shah, M. Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions. J. Cybersecur. Priv. 2025, 5, 12. https://doi.org/10.3390/jcp5020012

AMA Style

Razzaq K, Shah M. Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions. Journal of Cybersecurity and Privacy. 2025; 5(2):12. https://doi.org/10.3390/jcp5020012

Chicago/Turabian Style

Razzaq, Kamran, and Mahmood Shah. 2025. "Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions" Journal of Cybersecurity and Privacy 5, no. 2: 12. https://doi.org/10.3390/jcp5020012

APA Style

Razzaq, K., & Shah, M. (2025). Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions. Journal of Cybersecurity and Privacy, 5(2), 12. https://doi.org/10.3390/jcp5020012

Article Metrics

Back to TopTop