Machine Learning and Cybersecurity—Trends and Future Challenges

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: 15 August 2025 | Viewed by 18154

Special Issue Editor


E-Mail Website
Guest Editor
Department of Computer Science and Electrical Engineering, School of Computing and Engineering, University of Missouri-Kansas City (UMKC), 5000 Holmes St, Kansas City, MO 64110, USA
Interests: machine learning; cybersecurity; quantum computing and optimization

Special Issue Information

Dear Colleagues,

This Special Issue of the journal is dedicated to examining the symbiotic relationship between machine learning and cybersecurity, with a specific focus on its application, progress, and challenges. Encompassing a wide array of topics, including anomaly detection, behavior analysis, adversarial machine learning, and transparent model development, the scope is set to provide a comprehensive overview of the current trends and future prospectives in this dynamic intersection. The primary purpose of this Special Issue is to offer a valuable resource for researchers and practitioners alike, offering deep insights and practical knowledge.

In terms of its contribution to the existing literature, this Special Issue stands as a significant supplement. By delving into the integration of advanced ML algorithms into security systems, it expands upon the evolving landscape of cyber threat detection and response. Furthermore, the exploration of adversarial machine learning sheds light on the critical need for creating models that can withstand sophisticated attacks. This Special Issue also addresses a pressing concern in the field: transparency and interpretability in ML models, which are pivotal for ensuring ethical and regulatory compliance. By providing an encompassing overview of these critical facets, this Special Issue enriches the existing body of knowledge and offers a crucial reference for those engaged in research and practice within the domain of machine learning and cybersecurity. Researchers, practitioners, and policymakers alike will find this Special Issue to be a valuable compendium of knowledge in an era where safeguarding digital spaces is of paramount importance.

Prof. Dr. Wajeb Gharibi
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • machine learning
  • cybersecurity
  • anomaly detection
  • behavior analysis
  • adversarial machine learning
  • transparent models
  • digital security
  • threat detection
  • ethical compliance
  • regulatory compliance
  • cyber threats
  • resilient models
  • data security
  • intrusion detection
  • network security

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review, Other

19 pages, 868 KiB  
Article
Detecting Cryptojacking Containers Using eBPF-Based Security Runtime and Machine Learning
by Riyeong Kim, Jeongeun Ryu, Sumin Kim, Soomin Lee and Seongmin Kim
Electronics 2025, 14(6), 1208; https://doi.org/10.3390/electronics14061208 - 19 Mar 2025
Viewed by 463
Abstract
As the use of containers has become mainstream in the cloud environment, various security threats targeting containers have also been increasing. Among them, a notable malicious activity is a cryptojacking attack that steals resources without the consent of an instance owner to mine [...] Read more.
As the use of containers has become mainstream in the cloud environment, various security threats targeting containers have also been increasing. Among them, a notable malicious activity is a cryptojacking attack that steals resources without the consent of an instance owner to mine cryptocurrency. However, detecting such anomalies in a containerized environment is more complex because containers share the host kernel, making it challenging to pinpoint resource usage and anomalies at the container granularity without introducing significant overhead. To this end, this study proposes a runtime detection framework for identifying malicious mining behaviors in the cloud-native environment. By leveraging Tetragon, a runtime security tool based on the extended Berkeley Packet Filter (eBPF), we capture system call traces and flow-level information of cryptojacking containers to extract rich feature representations for training and evaluating various machine learning models. As a result of the experiment, our framework delivers up to 99.75% classification accuracy with moderate runtime monitoring overhead. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

29 pages, 8224 KiB  
Article
Detection of Domain Name Server Amplification Distributed Reflection Denial of Service Attacks Using Convolutional Neural Network-Based Image Deep Learning
by Hoon Shin, Jaeyeong Jeong, Kyumin Cho, Jaeil Lee, Ohjin Kwon and Dongkyoo Shin
Electronics 2025, 14(1), 76; https://doi.org/10.3390/electronics14010076 - 27 Dec 2024
Viewed by 966
Abstract
Domain Name Server (DNS) amplification Distributed Reflection Denial of Service (DRDoS) attacks are a Distributed Denial of Service (DDoS) attack technique in which multiple IT systems forge the original IP of the target system, send a request to the DNS server, and then [...] Read more.
Domain Name Server (DNS) amplification Distributed Reflection Denial of Service (DRDoS) attacks are a Distributed Denial of Service (DDoS) attack technique in which multiple IT systems forge the original IP of the target system, send a request to the DNS server, and then send a large number of response packets to the target system. In this attack, it is difficult to identify the attacker because of its ability to deceive the source, and unlike TCP-based DDoS attacks, it usually uses the UDP protocol, which has a fast communication speed and amplifies network traffic by simple manipulating options, making it one of the most widely used DDoS techniques. In this study, we propose a simple convolutional neural network (CNN) model that is designed to detect DNS amplification DRDoS attack traffic and has hyperparameters adjusted through experiments. As a result of evaluating the accuracy of the proposed CNN model for detecting DNS amplification DRDoS attacks, the average accuracy of the experiment was 0.9995, which was significantly better than several machine learning (ML) models in terms of performance. It also showed good performance compared to other deep learning (DL) models, and, in particular, it was confirmed that this simple CNN had the fastest time in terms of execution compared to other deep learning models by experimentation. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

16 pages, 2278 KiB  
Article
Enhancing VANET Security: An Unsupervised Learning Approach for Mitigating False Information Attacks in VANETs
by Abinash Borah and Anirudh Paranjothi
Electronics 2025, 14(1), 58; https://doi.org/10.3390/electronics14010058 - 26 Dec 2024
Viewed by 833
Abstract
Vehicular ad hoc networks (VANETs) enable communication among vehicles and between vehicles and infrastructure to provide safety and comfort to the users. Malicious nodes in VANETs may broadcast false information to create the impression of a fake event or road congestion. In addition, [...] Read more.
Vehicular ad hoc networks (VANETs) enable communication among vehicles and between vehicles and infrastructure to provide safety and comfort to the users. Malicious nodes in VANETs may broadcast false information to create the impression of a fake event or road congestion. In addition, several malicious nodes may collude to collectively launch a false information attack to increase the credibility of the attack. Detection of these attacks is critical to mitigate the potential risks they bring to the safety of users. Existing techniques for detecting false information attacks in VANETs use different approaches such as machine learning, blockchain, trust scores, statistical methods, etc. These techniques rely on historical information about vehicles, artificial data used to train the technique, or coordination among vehicles. To address these limitations, we propose a false information attack detection technique for VANETs using an unsupervised anomaly detection approach. The objective of the proposed technique is to detect false information attacks based on only real-time characteristics of the network, achieving high accuracy and low processing delay. The performance evaluation results show that our proposed technique offers 30% lower data processing delay and a 17% lower false positive rate compared to existing approaches in scenarios with high proportions of malicious nodes. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

15 pages, 473 KiB  
Article
Applying Multi-CLASS Support Vector Machines: One-vs.-One vs. One-vs.-All on the UWF-ZeekDataFall22 Dataset
by Rocio Krebs, Sikha S. Bagui, Dustin Mink and Subhash C. Bagui
Electronics 2024, 13(19), 3916; https://doi.org/10.3390/electronics13193916 - 3 Oct 2024
Cited by 1 | Viewed by 1199
Abstract
This study investigates the technical challenges of applying Support Vector Machines (SVM) for multi-class classification in network intrusion detection using the UWF-ZeekDataFall22 dataset, which is labeled based on the MITRE ATT&CK framework. A key challenge lies in handling imbalanced classes and complex attack [...] Read more.
This study investigates the technical challenges of applying Support Vector Machines (SVM) for multi-class classification in network intrusion detection using the UWF-ZeekDataFall22 dataset, which is labeled based on the MITRE ATT&CK framework. A key challenge lies in handling imbalanced classes and complex attack patterns, which are inherent in intrusion detection data. This work highlights the difficulties in implementing SVMs for multi-class classification, particularly with One-vs.-One (OvO) and One-vs.-All (OvA) methods, including scalability issues due to the large volume of network traffic logs and the tendency of SVMs to be sensitive to noisy data and class imbalances. SMOTE was used to address class imbalances, while preprocessing techniques were applied to improve feature selection and reduce noise in the data. The unique structure of network traffic data, with overlapping patterns between attack vectors, posed significant challenges in achieving accurate classification. Our model reached an accuracy of over 90% with OvO and over 80% with OvA, demonstrating that despite these challenges, multi-class SVMs can be effectively applied to complex intrusion detection tasks when combined with appropriate balancing and preprocessing techniques. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

19 pages, 859 KiB  
Article
Mitigation of Adversarial Attacks in 5G Networks with a Robust Intrusion Detection System Based on Extremely Randomized Trees and Infinite Feature Selection
by Gianmarco Baldini
Electronics 2024, 13(12), 2405; https://doi.org/10.3390/electronics13122405 - 19 Jun 2024
Viewed by 1468
Abstract
Intrusion Detection Systems (IDSs) are an important tool to mitigate cybersecurity threats in the ICT infrastructures. Preferable properties of the IDSs are the optimization of the attack detection accuracy and the minimization of the computing resources and time. A signification portion of IDSs [...] Read more.
Intrusion Detection Systems (IDSs) are an important tool to mitigate cybersecurity threats in the ICT infrastructures. Preferable properties of the IDSs are the optimization of the attack detection accuracy and the minimization of the computing resources and time. A signification portion of IDSs presented in the research literature is based on Machine Learning (ML) and Deep Learning (DL) elements, but they may be prone to adversarial attacks, which may undermine the overall performance of the IDS algorithm. This paper proposes a novel IDS focused on the detection of cybersecurity attacks in 5G networks, which addresses in a simple but effective way two specific adversarial attacks: (1) tampering of the labeled set used to train the ML algorithm, (2) modification of the features in the training data set. The approach is based on the combination of two algorithms, which have been introduced recently in the research literature. The first algorithm is the Extremely Randomized Tree (ERT) algorithm, which enhances the capability of Decision Tree (DT) and Random Forest (RF) algorithms to perform classification in data sets, which are unbalanced and of large size as IDS data sets usually are (legitimate traffic messages are more numerous than attack related messages). The second algorithm is the recently introduced Infinite Feature Selection algorithm, which is used to optimize the choice of the hyper-parameter defined in the approach and improve the overall computing efficiency. The result of the application of the proposed approach on a recently published 5G IDS data set proves its robustness against adversarial attacks with different degrees of severity calculated as the percentage of the tampered data set samples. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

25 pages, 502 KiB  
Article
Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection
by Ahmet Aksoy, Luis Valle and Gorkem Kar
Electronics 2024, 13(2), 293; https://doi.org/10.3390/electronics13020293 - 9 Jan 2024
Cited by 5 | Viewed by 2011
Abstract
The cybersecurity landscape presents daunting challenges, particularly in the face of Denial of Service (DoS) attacks such as DoS Http Unbearable Load King (HULK) attacks and DoS GoldenEye attacks. These malicious tactics are designed to disrupt critical services by overwhelming web servers with [...] Read more.
The cybersecurity landscape presents daunting challenges, particularly in the face of Denial of Service (DoS) attacks such as DoS Http Unbearable Load King (HULK) attacks and DoS GoldenEye attacks. These malicious tactics are designed to disrupt critical services by overwhelming web servers with malicious requests. In contrast to DoS attacks, there exists nefarious Operating System (OS) scanning, which exploits vulnerabilities in target systems. To provide further context, it is essential to clarify that NMAP, a widely utilized tool for identifying host OSes and vulnerabilities, is not inherently malicious but a dual-use tool with legitimate applications, such as asset inventory services in company networks. Additionally, Domain Name System (DNS) botnets can be incredibly damaging as they harness numerous compromised devices to inundate a target with malicious DNS traffic. This can disrupt online services, leading to downtime, financial losses, and reputational damage. Furthermore, DNS botnets can be used for other malicious activities like data exfiltration, spreading malware, or launching other cyberattacks, making them a versatile tool for cybercriminals. As attackers continually adapt and modify specific attributes to evade detection, our paper introduces an automated detection method that requires no expert input. This innovative approach identifies the distinct characteristics of DNS botnet attacks, DoS HULK attacks, DoS GoldenEye attacks, and OS-Scanning, explicitly using the NMAP tool, even when attackers alter their tactics. By harnessing a representative dataset, our proposed method ensures robust detection of such attacks against varying attack parameters or behavioral shifts. This heightened resilience significantly raises the bar for attackers attempting to conceal their malicious activities. Significantly, our approach delivered outstanding outcomes, with a mid 95% accuracy in categorizing NMAP OS scanning and DNS botnet attacks, and 100% for DoS HULK attacks and DoS GoldenEye attacks, proficiently discerning between malevolent and harmless network packets. Our code and the dataset are made publicly available. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

Review

Jump to: Research, Other

29 pages, 1721 KiB  
Review
Cybersecurity of Automotive Wired Networking Systems: Evolution, Challenges, and Countermeasures
by Nicasio Canino, Pierpaolo Dini, Stefano Mazzetti, Daniele Rossi, Sergio Saponara and Ettore Soldaini
Electronics 2025, 14(3), 471; https://doi.org/10.3390/electronics14030471 - 24 Jan 2025
Viewed by 1261
Abstract
The evolution of Electrical and Electronic (E/E) architectures in the automotive industry has been a significant factor in the transformation of vehicles from traditional mechanical systems to sophisticated, software-defined machines. With increasing vehicle connectivity and the growing threats from cyberattacks that could compromise [...] Read more.
The evolution of Electrical and Electronic (E/E) architectures in the automotive industry has been a significant factor in the transformation of vehicles from traditional mechanical systems to sophisticated, software-defined machines. With increasing vehicle connectivity and the growing threats from cyberattacks that could compromise safety and violate user privacy, the incorporation of cybersecurity into the automotive development process is becoming imperative. As vehicles evolve into sophisticated interconnected systems, understanding their vulnerabilities becomes essential to improve cybersecurity. This paper also discusses the role of evolving standards and regulations, such as ISO 26262 and ISO/SAE 21434, in ensuring both the safety and cybersecurity of modern vehicles. This paper offers a comprehensive review of the current challenges in automotive cybersecurity, with a focus on the vulnerabilities of the Controller Area Network (CAN) protocol. Additionally, we explore state-of-the-art countermeasures, focusing on Intrusion Detection Systems (IDSs), which are increasingly leveraging artificial intelligence and machine learning techniques to detect anomalies and prevent attacks in real time. Through an analysis of publicly available CAN datasets, we evaluate the effectiveness of IDS frameworks in mitigating these threats. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Graphical abstract

Other

Jump to: Research, Review

20 pages, 369 KiB  
Systematic Review
A Systematic Review of Deep Learning Techniques for Phishing Email Detection
by Phyo Htet Kyaw, Jairo Gutierrez and Akbar Ghobakhlou
Electronics 2024, 13(19), 3823; https://doi.org/10.3390/electronics13193823 - 27 Sep 2024
Cited by 2 | Viewed by 8612
Abstract
The landscape of phishing email threats is continually evolving nowadays, making it challenging to combat effectively with traditional methods even with carrier-grade spam filters. Traditional detection mechanisms such as blacklisting, whitelisting, signature-based, and rule-based techniques could not effectively prevent phishing, spear-phishing, and zero-day [...] Read more.
The landscape of phishing email threats is continually evolving nowadays, making it challenging to combat effectively with traditional methods even with carrier-grade spam filters. Traditional detection mechanisms such as blacklisting, whitelisting, signature-based, and rule-based techniques could not effectively prevent phishing, spear-phishing, and zero-day attacks, as cybercriminals are using sophisticated techniques and trusted email service providers. Consequently, many researchers have recently concentrated on leveraging machine learning (ML) and deep learning (DL) approaches to enhance phishing email detection capabilities with better accuracy. To gain insights into the development of deep learning algorithms in the current research on phishing prevention, this study conducts a systematic literature review (SLR) following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. By synthesizing the 33 selected papers using the SLR approach, this study presents a taxonomy of DL-based phishing detection methods, analyzing their effectiveness, limitations, and future research directions to address current challenges. The study reveals that the adaptability of detection models to new behaviors of phishing emails is the major improvement area. This study aims to add details about deep learning used for security to the body of knowledge, and it discusses future research in phishing detection systems. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)
Show Figures

Figure 1

Back to TopTop