Deep learning techniques to detect cybersecurity attacks: a systematic mapping study

ContextRecent years have seen a lot of attention into Deep Learning (DL) techniques used to detect cybersecurity attacks. DL techniques can swiftly analyze massive datasets, and automate the detection and mitigation of a wide variety of cybersecurity attacks with superior results. However, no systematic study exists that summarizes these DL techniques since most studies are informal literature surveys or focus on different subjects.ObjectiveTo deliver a comprehensive and systematic summary of the existing DL techniques used to detect cybersecurity attacks as they are described in the literature. To identify open challenges for future research.MethodWe conducted a systematic mapping study about DL techniques to detect cybersecurity attacks driven by eleven research questions. We followed existing guidelines when defining our research protocol to increase the repeatability and reliability of our results.ResultsFrom an initial set of 1839 papers, we identified 116 relevant primary studies, primarily published in the last three years. We investigated multiple aspects of the DL techniques, such as the cybersecurity attack types to detect, their application domains, the programming languages, libraries, operating systems, and frameworks used to implement the DL techniques, the datasets used to train the DL models, the types of research carried out (academic or industrial), the performance of the techniques, and the advantages and disadvantages of each technique. We present a new taxonomy comprising 36 different DL techniques. We identified 14 application domains, eight cybersecurity attacks, and 93 publicly available datasets, among other results.ConclusionsWe provide six lessons learned along with recommendations for future research directions. The most active research areas in DL techniques for the identification of cybersecurity attacks discuss CNN and LSTM techniques. DL techniques in cybersecurity is a rapidly growing and developing research area, with many open challenges, including the lack of (a) research conducted in industrial settings, (b) real-time datasets, (c) studies focusing on promising DL techniques and relevant cybersecurity attacks.