research paper topics about internet security

95+ Latest Cyber Security Research Topics in 2024

Home Blog Security 95+ Latest Cyber Security Research Topics in 2024

The concept of cybersecurity refers to cracking the security mechanisms that break in dynamic environments. Implementing Cyber Security Project topics and cybersecurity thesis topics helps overcome attacks and take mitigation approaches to security risks and threats in real-time. Undoubtedly, it focuses on events injected into the system, data, and the whole network to attack/disturb it.

The network can be attacked in various ways, including Distributed DoS, Knowledge Disruptions, Computer Viruses / Worms, and many more. Cyber-attacks are still rising, and more are waiting to harm their targeted systems and networks. Detecting Intrusions in cybersecurity has become challenging due to their Intelligence Performance. Therefore, it may negatively affect data integrity, privacy, availability, and security. 

This article aims to demonstrate the most current Cyber Security Research Topics for Projects and areas of research currently lacking. We will talk about cyber security research questions, cyber security topics for the project, latest research titles about cyber security.

List of Trending Cyber Security Research Topics in 2024

Digital technology has revolutionized how all businesses, large or small, work, and even governments manage their day-to-day activities, requiring organizations, corporations, and government agencies to utilize computerized systems. To protect data against online attacks or unauthorized access, cybersecurity is a priority. There are many Cyber Security Courses online where you can learn about these topics. With the rapid development of technology comes an equally rapid shift in Cyber Security Research Topics and cybersecurity trends, as data breaches, ransomware, and hacks become almost routine news items. In 2024, these will be the top cybersecurity trends.

A. Exciting Mobile Cyber Security Research Paper Topics

• The significance of continuous user authentication on mobile gadgets. 
• The efficacy of different mobile security approaches. 
• Detecting mobile phone hacking. 
• Assessing the threat of using portable devices to access banking services. 
• Cybersecurity and mobile applications. 
• The vulnerabilities in wireless mobile data exchange. 
• The rise of mobile malware. 
• The evolution of Android malware.
• How to know you’ve been hacked on mobile. 
• The impact of mobile gadgets on cybersecurity. 

B. Top Computer and Software Security Topics to Research

• Learn algorithms for data encryption 
• Concept of risk management security 
• How to develop the best Internet security software 
• What are Encrypting Viruses- How does it work? 
• How does a Ransomware attack work? 
• Scanning of malware on your PC 
• Infiltrating a Mac OS X operating system 
• What are the effects of RSA on network security ? 
• How do encrypting viruses work?
• DDoS attacks on IoT devices

C. Trending Information Security Research Topics

• Why should people avoid sharing their details on Facebook? 
• What is the importance of unified user profiles? 
• Discuss Cookies and Privacy  
• White hat and black hat hackers 
• What are the most secure methods for ensuring data integrity? 
• Talk about the implications of Wi-Fi hacking apps on mobile phones 
• Analyze the data breaches in 2024
• Discuss digital piracy in 2024
• critical cyber-attack concepts 
• Social engineering and its importance 

D. Current Network Security Research Topics

• Data storage centralization
• Identify Malicious activity on a computer system. 
• Firewall 
• Importance of keeping updated Software  
• wireless sensor network 
• What are the effects of ad-hoc networks
• How can a company network be safe? 
• What are Network segmentation and its applications? 
• Discuss Data Loss Prevention systems  
• Discuss various methods for establishing secure algorithms in a network. 
• Talk about two-factor authentication

E. Best Data Security Research Topics

• Importance of backup and recovery 
• Benefits of logging for applications 
• Understand physical data security 
• Importance of Cloud Security 
• In computing, the relationship between privacy and data security 
• Talk about data leaks in mobile apps 
• Discuss the effects of a black hole on a network system. 

F. Important Application Security Research Topics

• Detect Malicious Activity on Google Play Apps 
• Dangers of XSS attacks on apps 
• Discuss SQL injection attacks. 
• Insecure Deserialization Effect 
• Check Security protocols 

G. Cybersecurity Law & Ethics Research Topics

• Strict cybersecurity laws in China 
• Importance of the Cybersecurity Information Sharing Act. 
• USA, UK, and other countries' cybersecurity laws  
• Discuss The Pipeline Security Act in the United States 

H. Recent Cyberbullying Topics

• Protecting your Online Identity and Reputation 
• Online Safety 
• Sexual Harassment and Sexual Bullying 
• Dealing with Bullying 
• Stress Center for Teens 

I. Operational Security Topics

• Identify sensitive data 
• Identify possible threats 
• Analyze security threats and vulnerabilities 
• Appraise the threat level and vulnerability risk 
• Devise a plan to mitigate the threats 

J. Cybercrime Topics for a Research Paper

• Crime Prevention. 
• Criminal Specialization. 
• Drug Courts. 
• Criminal Courts. 
• Criminal Justice Ethics. 
• Capital Punishment.
• Community Corrections. 
• Criminal Law.

Cyber Security Future Research Topics

• Developing more effective methods for detecting and responding to cyber attacks
• Investigating the role of social media in cyber security
• Examining the impact of cloud computing on cyber security
• Investigating the security implications of the Internet of Things
• Studying the effectiveness of current cyber security measures
• Identifying new cyber security threats and vulnerabilities
• Developing more effective cyber security policies
• Examining the ethical implications of cyber security

Cyber Security Topics For Research Paper

• Cyber security threats and vulnerabilities
• Cyber security incident response and management
• Cyber security risk management
• Cyber security awareness and training
• Cyber security controls and countermeasures
• Cyber security governance
• Cyber security standards
• Cyber security insurance
• Cyber security and the law
• The future of cyber security

Top 5 Current Research Topics in Cybersecurity

Below are the latest 5 cybersecurity research topics. They are:

• Artificial Intelligence
• Digital Supply Chains
• Internet of Things
• State-Sponsored Attacks
• Working From Home

Research Area in Cyber Security

The field of cyber security is extensive and constantly evolving. Its research covers a wide range of subjects, including: 

• Quantum & Space  
• Data Privacy  
• Criminology & Law 
• AI & IoT Security
• RFID Security
• Authorisation Infrastructure
• Digital Forensics
• Autonomous Security
• Social Influence on Social Networks

How to Choose the Best Research Topics in Cyber Security?

A good cybersecurity assignment heading is a skill that not everyone has, and unfortunately, not everyone has one. You might have your teacher provide you with the topics, or you might be asked to come up with your own. If you want more cyber security research topics, you can take references from Certified Ethical Hacker Certification, where you will get more hints on new topics. If you don't know where to start, here are some tips. Follow them to create compelling cybersecurity assignment topics. 

1. Brainstorm

In order to select the most appropriate heading for your cybersecurity assignment, you first need to brainstorm ideas. What specific matter do you wish to explore? In this case, come up with relevant topics about the subject and select those relevant to your issue when you use our list of topics. You can also go to cyber security-oriented websites to get some ideas. Using any blog post on the internet can prove helpful if you intend to write a research paper on security threats in 2024. Creating a brainstorming list with all the keywords and cybersecurity concepts you wish to discuss is another great way to start. Once that's done, pick the topics you feel most comfortable handling. Keep in mind to stay away from common topics as much as possible. 

2. Understanding the Background

In order to write a cybersecurity assignment, you need to identify two or three research paper topics. Obtain the necessary resources and review them to gain background information on your heading. This will also allow you to learn new terminologies that can be used in your title to enhance it. 

3. Write a Single Topic

Make sure the subject of your cybersecurity research paper doesn't fall into either extreme. Make sure the title is neither too narrow nor too broad. Topics on either extreme will be challenging to research and write about. 

4. Be Flexible

There is no rule to say that the title you choose is permanent. It is perfectly okay to change your research paper topic along the way. For example, if you find another topic on this list to better suit your research paper, consider swapping it out. 

The Layout of Cybersecurity Research Guidance

It is undeniable that usability is one of cybersecurity's most important social issues today. Increasingly, security features have become standard components of our digital environment, which pervade our lives and require both novices and experts to use them. Supported by confidentiality, integrity, and availability concerns, security features have become essential components of our digital environment.  

In order to make security features easily accessible to a wider population, these functions need to be highly usable. This is especially true in this context because poor usability typically translates into the inadequate application of cybersecurity tools and functionality, resulting in their limited effectiveness. 

Cyber Security Research Topic Writing Tips from Expert

Additionally, a well-planned action plan and a set of useful tools are essential for delving into Cyber Security Research Topics. Not only do these topics present a vast realm of knowledge and potential innovation, but they also have paramount importance in today's digital age. Addressing the challenges and nuances of these research areas will contribute significantly to the global cybersecurity landscape, ensuring safer digital environments for all. It's crucial to approach these topics with diligence and an open mind to uncover groundbreaking insights.

• Before you begin writing your research paper, make sure you understand the assignment. 
• Your Research Paper Should Have an Engaging Topic 
• Find reputable sources by doing a little research 
• Precisely state your thesis on cybersecurity 
• A rough outline should be developed 
• Finish your paper by writing a draft 
• Make sure that your bibliography is formatted correctly and cites your sources. 

Discover the Power of ITIL 4 Foundation - Unleash the Potential of Your Business with this Cost-Effective Solution. Boost Efficiency, Streamline Processes, and Stay Ahead of the Competition. Learn More!

Studies in the literature have identified and recommended guidelines and recommendations for addressing security usability problems to provide highly usable security. The purpose of such papers is to consolidate existing design guidelines and define an initial core list that can be used for future reference in the field of Cyber Security Research Topics.

The researcher takes advantage of the opportunity to provide an up-to-date analysis of cybersecurity usability issues and evaluation techniques applied so far. As a result of this research paper, researchers and practitioners interested in cybersecurity systems who value human and social design elements are likely to find it useful. You can find KnowledgeHut’s Cyber Security courses online and take maximum advantage of them.

Frequently Asked Questions (FAQs)

Businesses and individuals are changing how they handle cybersecurity as technology changes rapidly - from cloud-based services to new IoT devices. 

Ideally, you should have read many papers and know their structure, what information they contain, and so on if you want to write something of interest to others. 

Inmates having the right to work, transportation of concealed weapons, rape and violence in prison, verdicts on plea agreements, rehab versus reform, and how reliable are eyewitnesses? 

The field of cyber security is extensive and constantly evolving. Its research covers various subjects, including Quantum & Space, Data Privacy, Criminology & Law, and AI & IoT Security. 

Mrinal Prakash

I am a B.Tech Student who blogs about various topics on cyber security and is specialized in web application security

Avail your free 1:1 mentorship session.

Something went wrong

Upcoming Cyber Security Batches & Dates

List of 78 Top Cyber Security Topics for Research

Table of contents

• 1 How To Choose The Best Cyber Security Research Topics
• 2 📚10 Cyber Security Topics For Research Paper
• 3 📱Mobile Cyber Security Research Paper Topics
• 4 🕵Top 10 Cyber Security Topics
• 5 👨‍💻Cyber Security Research Topics 2023
• 6 🔎Best Cyber Security Research Topics
• 7 👨‍🔬Cyber Security Future Research Topics
• 8 📑Cyber Security Topics For Research Paper
• 9 👩‍💻Cyber Security Topics on Computer and Software

There are many reasons to choose cyber security research topics for writing purposes. First, cyber security is a growing field, with many new and exciting developments happening all the time. This makes it an ideal topic to write about, as there is always something new to learn and discuss. Second, cyber security research can be used to improve the security of your own computer systems. By understanding the latest threats and vulnerabilities, you can make your systems more secure and less likely to be compromised. Third, writing about cyber security can help raise awareness about the importance of cyber security. By educating others about the dangers of cyber attacks and the importance of protecting their computers, you can help make the internet a safer place for everyone.

How To Choose The Best Cyber Security Research Topics

When it comes to choosing research paper topics on cyber security, there are a few things to consider. First, it is important to make sure that the topic is relevant and timely. Cyber security is an ever-changing field, so it is important to choose a topic that will be relevant for years to come. Second, it is important to choose a topic that is interesting and engaging. Cybersecurity can be a dry topic, so it is important to choose a topic that will keep readers engaged. Finally, it is important to choose a topic that is researchable. There are a lot of cyber security topics out there, but not all of them are easy to research. Make sure to choose a topic that has plenty of information available.

• Identify your audience.
• Define your research goals.
• Choose a topic that is both interesting and relevant to your audience.
• Do some preliminary research to make sure there is enough information available on your chosen topic.
• Make sure your topic is narrow enough to be covered in a single research paper.

📚10 Cyber Security Topics For Research Paper

• The Importance of Cyber Security
• The Evolution of Cyber Security
• The Future of Cyber Security
• The Impact of Cyber Security on Business
• The Role of Cyber Security in National Security
• The Challenges of Cyber Security
• The Costs of Cyber Security
• The Benefits of Cyber Security
• The Risks of Cyber Security
• The Implications of Cyber Security

📱Mobile Cyber Security Research Paper Topics

• Mobile device security: How to protect your mobile device from cyber attacks.
• The rise of mobile malware: How to protect your device from malicious software.
• Mobile phishing attacks: How to protect your device from being scammed.
• The dangers of public Wi-Fi: How to protect your device from being hacked.
• How to keep your data safe on your mobile device: Tips for keeping your personal information secure.

🕵Top 10 Cyber Security Topics

• Cybersecurity threats and attacks
• Cybersecurity risks and vulnerabilities
• Cybersecurity best practices
• Cybersecurity awareness and training
• Cybersecurity tools and technologies
• Cybersecurity policy and compliance
• Cybersecurity incident response
• Cybersecurity governance
• Cybersecurity risk management
• Cybersecurity strategy

👨‍💻Cyber Security Research Topics 2023

• The future of cyber security: what trends will shape the field in the coming years?
• The impact of AI and machine learning on cyber security
• The role of quantum computing in cyber security
• The challenges of securing the IoT
• The evolving threat landscape: what new threats are emerging and how can we defend against them?
• The role of data in cyber security: how can we better protect our data?
• The importance of user education in cyber security
• The challenges of securing mobile devices
• The future of cyber warfare: what trends are emerging?
• The role of cryptography in cyber security

🔎Best Cyber Security Research Topics

• The Impact of Cybersecurity on Businesses and Consumers
• The Evolution of Cybersecurity Threats and Attacks
• The Role of Cybersecurity in National Security
• The Economics of Cybersecurity
• The Psychology of Cybersecurity
• The Sociology of Cybersecurity
• The Ethics of Cybersecurity
• The History of Cybersecurity
• Cybersecurity threats and attacks.
• Cybersecurity policies and procedures.
• Cybersecurity awareness and training.
• Cybersecurity technologies and solutions.
• Cybersecurity risk management.
• Cybersecurity incident response.
• Cybersecurity governance.
• Cybersecurity compliance.
• Cybersecurity standards.
• Cybersecurity best practices.

👨‍🔬Cyber Security Future Research Topics

• Developing more effective methods for detecting and responding to cyber attacks
• Investigating the role of social media in cyber security
• Examining the impact of cloud computing on cyber security
• Investigating the security implications of the Internet of Things
• Studying the effectiveness of current cyber security measures
• Identifying new cyber security threats and vulnerabilities
• Developing more effective cyber security policies
• Examining the ethical implications of cyber security

📑Cyber Security Topics For Research Paper

• Cyber security threats and vulnerabilities.
• Cyber security incident response and management.
• Cyber security risk management.
• Cyber security awareness and training.
• Cyber security controls and countermeasures.
• Cyber security governance.
• Cyber security standards.
• Cyber security insurance.
• Cyber security and the law.
• The future of cyber security.

👩‍💻Cyber Security Topics on Computer and Software

• Cyber security risks associated with computer software
• The importance of keeping computer software up to date
• How to protect your computer from malware and other threats
• The best practices for securing your computer and software
• The different types of cyber security threats and how to avoid them
• The importance of cyber security awareness and education
• The role of cyber security in protecting critical infrastructure

Readers also enjoyed

WHY WAIT? PLACE AN ORDER RIGHT NOW!

Just fill out the form, press the button, and have no worries!

We use cookies to give you the best experience possible. By continuing we’ll assume you board with our cookie policy.

• Search Menu
• Sign in through your institution
• Editor's Choice
• Author Guidelines
• Submission Site
• Open Access
• About Journal of Cybersecurity
• Editorial Board
• Advertising and Corporate Services
• Journals Career Network
• Self-Archiving Policy
• Journals on Oxford Academic
• Books on Oxford Academic

Editors-in-Chief

Tyler Moore

About the journal

Journal of Cybersecurity publishes accessible articles describing original research in the inherently interdisciplinary world of computer, systems, and information security …

Latest articles

Call for Papers: Workshop on the Economics of Information Security

Journal of Cybersecurity is inviting submissions to a new special issue from the workshop on the economics of information security. Authors whose papers appeared at the workshop are invited to submit a revised version to the journal.

Call for Papers

Journal of Cybersecurity is soliciting papers for a special collection on the philosophy of information security. This collection will explore research at the intersection of philosophy, information security, and philosophy of science.

Find out more

Submit your paper

Join the conversation moving the science of security forward. Visit our Instructions to Authors for more information about how to submit your manuscript.

High-Impact Research Collection

Explore a collection of recently published high-impact research in the  Journal of Cybersecurity .

Browse the collection  here

Email alerts

Register to receive table of contents email alerts as soon as new issues of  Journal of Cybersecurity  are published online.

Read and Publish deals

Authors interested in publishing in Journal of Cybersecurity may be able to publish their paper Open Access using funds available through their institution’s agreement with OUP.

Find out if your institution is participating

Related Titles

Affiliations

• Online ISSN 2057-2093
• Print ISSN 2057-2085
• Copyright © 2024 Oxford University Press
• About Oxford Academic
• Publish journals with us
• University press partners
• What we publish
• New features  
• Open access
• Institutional account management
• Rights and permissions
• Get help with access
• Accessibility
• Advertising
• Media enquiries
• Oxford University Press
• Oxford Languages
• University of Oxford

Oxford University Press is a department of the University of Oxford. It furthers the University's objective of excellence in research, scholarship, and education by publishing worldwide

• Copyright © 2024 Oxford University Press
• Cookie settings
• Cookie policy
• Privacy policy
• Legal notice

This Feature Is Available To Subscribers Only

Sign In or Create an Account

This PDF is available to Subscribers Only

For full access to this pdf, sign in to an existing account, or purchase an annual subscription.

Research Topics & Ideas: Cybersecurity

50 Topic Ideas To Kickstart Your Research

If you’re just starting out exploring cybersecurity-related topics for your dissertation, thesis or research project, you’ve come to the right place. In this post, we’ll help kickstart your research by providing a hearty list of cybersecurity-related research topics and ideas , including examples from recent studies.

PS – This is just the start…

We know it’s exciting to run through a list of research topics, but please keep in mind that this list is just a starting point . These topic ideas provided here are intentionally broad and generic , so keep in mind that you will need to develop them further. Nevertheless, they should inspire some ideas for your project.

To develop a suitable research topic, you’ll need to identify a clear and convincing research gap , and a viable plan to fill that gap. If this sounds foreign to you, check out our free research topic webinar that explores how to find and refine a high-quality research topic, from scratch. Alternatively, consider our 1-on-1 coaching service .

Cybersecurity-Related Research Topics

• Developing machine learning algorithms for early detection of cybersecurity threats.
• The use of artificial intelligence in optimizing network traffic for telecommunication companies.
• Investigating the impact of quantum computing on existing encryption methods.
• The application of blockchain technology in securing Internet of Things (IoT) devices.
• Developing efficient data mining techniques for large-scale social media analytics.
• The role of virtual reality in enhancing online education platforms.
• Investigating the effectiveness of various algorithms in reducing energy consumption in data centers.
• The impact of edge computing on the performance of mobile applications in remote areas.
• The application of computer vision techniques in automated medical diagnostics.
• Developing natural language processing tools for sentiment analysis in customer service.
• The use of augmented reality for training in high-risk industries like oil and gas.
• Investigating the challenges of integrating AI into legacy enterprise systems.
• The role of IT in managing supply chain disruptions during global crises.
• Developing adaptive cybersecurity strategies for small and medium-sized enterprises.
• The impact of 5G technology on the development of smart city solutions.
• The application of machine learning in personalized e-commerce recommendations.
• Investigating the use of cloud computing in improving government service delivery.
• The role of IT in enhancing sustainability in the manufacturing sector.
• Developing advanced algorithms for autonomous vehicle navigation.
• The application of biometrics in enhancing banking security systems.
• Investigating the ethical implications of facial recognition technology.
• The role of data analytics in optimizing healthcare delivery systems.
• Developing IoT solutions for efficient energy management in smart homes.
• The impact of mobile computing on the evolution of e-health services.
• The application of IT in disaster response and management.

Cybersecurity Research Ideas (Continued)

• Assessing the security implications of quantum computing on modern encryption methods.
• The role of artificial intelligence in detecting and preventing phishing attacks.
• Blockchain technology in secure voting systems: opportunities and challenges.
• Cybersecurity strategies for protecting smart grids from targeted attacks.
• Developing a cyber incident response framework for small to medium-sized enterprises.
• The effectiveness of behavioural biometrics in preventing identity theft.
• Securing Internet of Things (IoT) devices in healthcare: risks and solutions.
• Analysis of cyber warfare tactics and their implications on national security.
• Exploring the ethical boundaries of offensive cybersecurity measures.
• Machine learning algorithms for predicting and mitigating DDoS attacks.
• Study of cryptocurrency-related cybercrimes: patterns and prevention strategies.
• Evaluating the impact of GDPR on data breach response strategies in the EU.
• Developing enhanced security protocols for mobile banking applications.
• An examination of cyber espionage tactics and countermeasures.
• The role of human error in cybersecurity breaches: a behavioural analysis.
• Investigating the use of deep fakes in cyber fraud: detection and prevention.
• Cloud computing security: managing risks in multi-tenant environments.
• Next-generation firewalls: evaluating performance and security features.
• The impact of 5G technology on cybersecurity strategies and policies.
• Secure coding practices: reducing vulnerabilities in software development.
• Assessing the role of cyber insurance in mitigating financial losses from cyber attacks.
• Implementing zero trust architecture in corporate networks: challenges and benefits.
• Ransomware attacks on critical infrastructure: case studies and defence strategies.
• Using big data analytics for proactive cyber threat intelligence.
• Evaluating the effectiveness of cybersecurity awareness training in organisations.

Recent Cybersecurity-Related Studies

While the ideas we’ve presented above are a decent starting point for finding a research topic, they are fairly generic and non-specific. So, it helps to look at actual studies in the cybersecurity space to see how this all comes together in practice.

Below, we’ve included a selection of recent studies to help refine your thinking. These are actual studies,  so they can provide some useful insight as to what a research topic looks like in practice.

• Cyber Security Vulnerability Detection Using Natural Language Processing (Singh et al., 2022)
• Security for Cloud-Native Systems with an AI-Ops Engine (Ck et al., 2022)
• Overview of Cyber Security (Yadav, 2022)
• Exploring the Top Five Evolving Threats in Cybersecurity: An In-Depth Overview (Mijwil et al., 2023)
• Cyber Security: Strategy to Security Challenges A Review (Nistane & Sharma, 2022)
• A Review Paper on Cyber Security (K & Venkatesh, 2022)
• The Significance of Machine Learning and Deep Learning Techniques in Cybersecurity: A Comprehensive Review (Mijwil, 2023)
• Towards Artificial Intelligence-Based Cybersecurity: The Practices and ChatGPT Generated Ways to Combat Cybercrime (Mijwil et al., 2023)
• ESTABLISHING CYBERSECURITY AWARENESS OF TECHNICAL SECURITY MEASURES THROUGH A SERIOUS GAME (Harding et al., 2022)
• Efficiency Evaluation of Cyber Security Based on EBM-DEA Model (Nguyen et al., 2022)
• An Overview of the Present and Future of User Authentication (Al Kabir & Elmedany, 2022)
• Cybersecurity Enterprises Policies: A Comparative Study (Mishra et al., 2022)
• The Rise of Ransomware: A Review of Attacks, Detection Techniques, and Future Challenges (Kamil et al., 2022)
• On the scale of Cyberspace and Cybersecurity (Pathan, 2022)
• Analysis of techniques and attacking pattern in cyber security approach (Sharma et al., 2022)
• Impact of Artificial Intelligence on Information Security in Business (Alawadhi et al., 2022)
• Deployment of Artificial Intelligence with Bootstrapped Meta-Learning in Cyber Security (Sasikala & Sharma, 2022)
• Optimization of Secure Coding Practices in SDLC as Part of Cybersecurity Framework (Jakimoski et al., 2022)
• CySSS ’22: 1st International Workshop on Cybersecurity and Social Sciences (Chan-Tin & Kennison, 2022)

As you can see, these research topics are a lot more focused than the generic topic ideas we presented earlier. So, for you to develop a high-quality research topic, you’ll need to get specific and laser-focused on a specific context with specific variables of interest.  In the video below, we explore some other important things you’ll need to consider when crafting your research topic.

Get 1-On-1 Help

If you’re still unsure about how to find a quality research topic, check out our Research Topic Kickstarter service, which is the perfect starting point for developing a unique, well-justified research topic.

You Might Also Like:

Submit a Comment Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

• Print Friendly

Advertisement

AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions

• Review Article
• Published: 26 March 2021
• Volume 2 , article number  173 , ( 2021 )

Cite this article

• Iqbal H. Sarker   ORCID: orcid.org/0000-0003-1740-5517 1 , 2 ,
• Md Hasan Furhad 3 &
• Raza Nowrozy 4  

22k Accesses

138 Citations

21 Altmetric

Explore all metrics

Artificial intelligence (AI) is one of the key technologies of the Fourth Industrial Revolution (or Industry 4.0), which can be used for the protection of Internet-connected systems from cyber threats, attacks, damage, or unauthorized access. To intelligently solve today’s various cybersecurity issues, popular AI techniques involving machine learning and deep learning methods, the concept of natural language processing, knowledge representation and reasoning, as well as the concept of knowledge or rule-based expert systems modeling can be used. Based on these AI methods, in this paper, we present a comprehensive view on “AI-driven Cybersecurity” that can play an important role for intelligent cybersecurity services and management . The security intelligence modeling based on such AI methods can make the cybersecurity computing process automated and intelligent than the conventional security systems. We also highlight several research directions within the scope of our study, which can help researchers do future research in the area. Overall, this paper’s ultimate objective is to serve as a reference point and guidelines for cybersecurity researchers as well as industry professionals in the area, especially from an intelligent computing or AI-based technical point of view.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

Artificial Intelligence and Cybersecurity: Past, Presence, and Future

Artificial Intelligence for Cybersecurity: Threats, Attacks and Mitigation

The Future of Cybersecurity: Major Role of Artificial Intelligence, Machine Learning, and Deep Learning in Cyberspace

Li S, Da Li X, Zhao S. The internet of things: a survey. Inf Syst Front. 2015;17(2):243–59.

Article   Google Scholar  

Velte T, Velte A, Elsenpeter R. Cloud computing, a practical approach. New York: McGraw-Hill Inc; 2009.

Google Scholar  

Sarker IH, Kayes ASM, Badsha S, Alqahtani H, Watters P, Ng A. Cybersecurity data science: an overview from machine learning perspective. J Big Data. 2020;7(1):1–29.

Ibm security report. https://www.ibm.com/security/data-breach . Accessed 20 Oct 2019.

Fischer EA. Cybersecurity issues and challenges: in brief. 2014.

Anwar S, Mohamad Zain J, Zolkipli MF, Inayat Z, Khan S, Anthony B, Chang V. From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions. Algorithms. 2017;39(2):10.

MATH   Google Scholar  

Mohammadi S, Mirvaziri H, Ghazizadeh-Ahsaee M, Karimipour H. Cyber intrusion detection by combined feature selection algorithm. J Inf Secur Appl. 2019;44:80–8.

Tapiador JE, Orfila A, Ribagorda A, Ramos B. Key-recovery attacks on kids, a keyed anomaly detection system. IEEE Trans Dependable Secur Comput. 2013;12(3):312–25.

Tavallaee M, Stakhanova N, Ghorbani AA. Toward credible evaluation of anomaly-based intrusion-detection methods. IEEE Trans Syst Man Cybern Part C (Appl Rev). 2010;40(5):516–24.

Foroughi F, Luksch P. Data science methodology for cybersecurity projects. arXiv preprint arXiv:1803.04219 . 2018.

Saxe J, Sanders H. Malware data science: attack detection and attribution. 2018.

Rainie L, Anderson J, Connolly J. Cyber attacks likely to increase. Digit Life. 2014;2025.

Al-Garadi MA, Mohamed A, Al-Ali A, Du X, Ali I, Guizani M. A survey of machine and deep learning methods for internet of things (iot) security. IEEE Commun Surv Tutor. 2020;22:1646–85.

Google trends. In https://trends.google.com/trends/ . 2019.

Craigen D, Diakun-Thibault N, Purse R. Defining cybersecurity. Technol Innov Manag Rev. 2014;4(10):13–21.

Aftergood S. Cybersecurity: the cold war online. Nature. 2017;547(7661):30.

National Research Council et al. Toward a safer and more secure cyberspace. 2007.

Jang-Jaccard J, Nepal S. A survey of emerging threats in cybersecurity. J Comput Syst Sci. 2014;80(5):973–93.

MathSciNet   MATH   Google Scholar  

Lahcen RAM, Caulkins B, Mohapatra R, Kumar M. Review and insight on the behavioral aspects of cybersecurity. Cybersecurity. 2020;3:1–18.

Mukkamala S, Sung A, Abraham A. Cyber security challenges: designing efficient intrusion detection systems and antivirus tools. In: Vemuri VR editor. Enhancing Computer Security with Smart Technology (Auerbach, 2006). 2005. p. 125–163.

Sun N, Zhang J, Rimba P, Gao S, Zhang LY, Xiang Y. Data-driven cybersecurity incident prediction: a survey. IEEE Commun Surv Tutor. 2018;21(2):1744–72.

McIntosh T, Jang-Jaccard J, Watters P, Susnjak T. The inadequacy of entropy-based ransomware detection. In: International conference on neural information processing. Springer; 2019. p. 181–189.

Dai J, Chen C, Li Y. A backdoor attack against lstm-based text classification systems. IEEE Access. 2019;7:138872–8.

Wang B, Yao Y, Shan S, Li H, Viswanath B, Zheng H, Zhao BY. Neural cleanse: Identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE symposium on security and privacy (SP). IEEE; 2019. p. 707–723.

Banerjee A, Rahman MS, Faloutsos M. Sut: quantifying and mitigating url typosquatting. Comput Netw. 2011;55(13):3001–14.

Alsayed A, Bilgrami A. E-banking security: internet hacking, phishing attacks, analysis and prevention of fraudulent activities. Int J Emerg Technol Adv Act. 2017;7(1):109–15.

Alazab M, Venkatraman S, Watters P, Alazab M, et al. Zero-day malware detection based on supervised learning algorithms of API call signatures. Proceedings of the 9th Australasian Data Mining Conference (AusDM), Ballarat, Australia. Australian Computer Society, CRPIT; 2010, vol 121.

Bilge L, Dumitraş T. Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM; 2012. p. 833–844.

Moghimi A, Wichelmann J, Eisenbarth T, Sunar B. Memjam: a false dependency attack against constant-time crypto implementations. Int J Parallel Program. 2019;47(4):538–70.

Warkentin M, Willison R. Behavioral and policy issues in information systems security: the insider threat. Eur J Inf Syst. 2009;18(2):101–5.

Ohm M, Sykosch A, Meier M. Towards detection of software supply chain attacks by forensic artifacts. In: Proceedings of the 15th international conference on availability, reliability and security. 2020. p. 1–6.

Eggers S. A novel approach for analyzing the nuclear supply chain cyber-attack surface. Nucl Eng Technol. 2021;53(3):879–887

Kügler D. “man in the middle” attacks on bluetooth. In: International conference on financial cryptography. Springer; 2003. p. 149–161.

Shaw A. Data breach: from notification to prevention using pci dss. Colum JL Soc Probs. 2009;43:517.

Data breach investigations report 2019. https://enterprise.verizon.com/resources/reports/dbir/ . Accessed 20 Oct 2019.

Hong S. Survey on analysis and countermeasure for hacking attacks to cryptocurrency exchange. J Korea Converg Soc. 2019;10(10):1–6.

Boyd SW, Keromytis AD. Sqlrand: preventing sql injection attacks. In: International conference on applied cryptography and network security. Springer; 2004. p. 292–302.

Tong F, Yan Z. A hybrid approach of mobile malware detection in android. J Parallel Distrib Comput. 2017;103:22–31.

Shankar VG, Jangid M, Devi B, Kabra S. Mobile big data: malware and its analysis. In: Proceedings of first international conference on smart system, innovations and computing. Springer; 2018. p. 831–842.

Davi L, Dmitrienko A, Sadeghi A-R, Winandy M. Privilege escalation attacks on android. In: International conference on information security. Springer; 2010. p. 346–360.

Jovičić B, Simić D. Common web application attack types and security using asp .net. ComSIS. December. 2006.

Virvilis N, Gritzalis D. The big four-what we did wrong in advanced persistent threat detection. In: 2013 international conference on availability, reliability and security. IEEE; 2013. p. 248–254.

Sigler K. Crypto-jacking: how cyber-criminals are exploiting the crypto-currency boom. Comput Fraud Secur. 2018;2018(9):12–4.

Khraisat A, Gondal I, Vamplew P, Kamruzzaman J. Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity. 2019;2(1):20.

Qi H, Di X, Li J. Formal definition and analysis of access control model based on role and attribute. J Inf Secur Appl. 2018;43:53–60.

Yin J. Firewall policy management, May 10 2016. US Patent 9,338,134.

Xue Y, Meng G, Liu Y, Tan TH, Chen H, Sun J, Zhang J. Auditing anti-malware tools by evolving android malware and dynamic loading technique. IEEE Trans Inf Forensics Secur. 2017;12(7):1529–44.

Hunt T, Zhu Z, Yuanzhong X, Peter S, Witchel E. Ryoan: a distributed sandbox for untrusted computation on secret data. ACM Trans Comput Syst (TOCS). 2018;35(4):1–32.

Irfan M, Abbas H, Sun Y, Sajid A, Pasha M. A framework for cloud forensics evidence collection and analysis using security information and event management. Secur Commun Netw. 2016;9(16):3790–807.

Abood OG, Guirguis SK. A survey on cryptography algorithms. Int J Sci Res Publ. 2018;8(7):410–5.

Johnson L. Computer incident response and forensics team management: conducting a successful incident response. 2013.

Brahmi I, Brahmi H, Yahia SB. A multi-agents intrusion detection system using ontology and clustering techniques. In: IFIP international conference on computer science and its applications. Springer; 2015. p. 381–393.

Qu X, Yang L, Guo K, Ma L, Sun M, Ke M, Li M. A survey on the development of self-organizing maps for unsupervised intrusion detection. Mob Netw Appl. 2019; 1–22.

Liao H-J, Richard Lin C-H, Lin Y-C, Tung K-Y. Intrusion detection system: a comprehensive review. J Netw Comput Appl. 2013;36(1):16–24.

Ammar A, Michael H, Jemal A, Moutaz A. Using feature selection for intrusion detection system. In: 2012 international symposium on communications and information technologies (ISCIT). IEEE; 2012. p. 296–301.

Viegas E, Santin AO, Franca A, Jasinski R, Pedroni VA, Oliveira LS. Towards an energy-efficient anomaly-based intrusion detection engine for embedded systems. IEEE Trans Comput. 2016;66(1):163–77.

Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H, Wang C. Machine learning and deep learning methods for cybersecurity. IEEE Access. 2018;6:35365–81.

Ragsdale DJ, Carver CA, Humphries JW, Pooch UW. Adaptation techniques for intrusion detection and intrusion response systems. In: Smc 2000 conference proceedings. 2000 IEEE international conference on systems, man and cybernetics.’cybernetics evolving to systems, humans, organizations, and their complex interactions’(cat. no. 0) vol. 4. IEEE; 2000. p. 2344–2349.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA. A detailed analysis of the kdd cup 99 data set. In: 2009 IEEE symposium on computational intelligence for security and defense applications. IEEE; 2009. p. 1–6.

Moustafa N, Slay J. Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 military communications and information systems conference (MilCIS). IEEE; 2015. p. 1–6.

Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall KR, McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham RK, et al. Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. In: Proceedings DARPA information survivability conference and exposition. DISCEX’00, vol 2. IEEE; 2000. p. 12–26.

Caida ddos attack 2007 dataset. http://www.caida.org/data/ passive/ddos-20070804-dataset.xml/ . Accessed 20 Oct (2019).

Caida anonymized internet traces 2008 dataset. http://www.caida.org/data/passive/passive-2008-dataset.xml/ . Accessed 20 Oct 2019.

Isot botnet dataset. https://www.uvic.ca/engineering/ece/isot/ datasets/index.php/ . Accessed 20 Oct 2019.

The honeynet project. http://www.honeynet.org/chapters/france/ . Accessed 20 Oct 2019.

Canadian institute of cybersecurity, university of new brunswick, iscx dataset. http://www.unb.ca/cic/datasets/index.html/ . Accessed 20 Oct 2019.

Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur. 2012;31(3):357–74.

The ctu-13 dataset. https://stratosphereips.org/category/datasets-ctu13 . Accessed 20 Oct 2019.

Cse-cic-ids2018 [online]. https://www.unb.ca/cic/ datasets/ids-2018.html/ . Accessed 20 Oct 2019.

Cic-ddos2019 [online]. https://www.unb.ca/cic/datasets/ddos-2019.html/ . Accessed 28 March 2020.

Jing X, Yan Z, Jiang X, Pedrycz W. Network traffic fusion and analysis against ddos flooding attacks with a novel reversible sketch. Inf Fusion. 2019;51:100–13.

Xie M, Hu J, Yu X, Chang E. Evaluating host-based anomaly detection systems: application of the frequency-based algorithms to adfa-ld. In: International conference on network and system security. Springer; 2015. p. 542–549.

Lindauer B, Glasser J, Rosen M, Wallnau KC, L ExactData. Generating test data for insider threat detectors. JoWUA. 2014;5(2):80–94.

Glasser J, Lindauer B. Bridging the gap: a pragmatic approach to generating insider threat data. In: 2013 IEEE security and privacy workshops. IEEE; 2013. p. 98–104.

Enronspam. https://labs-repos.iit.demokritos.gr/skel/i-config/downloads/enron-spam/ . Accessed 20 Oct 2019.

Spamassassin. http://www.spamassassin.org/publiccorpus/ . Accessed 20 Oct 2019.

Lingspam. https://labs-repos.iit.demokritos.gr/skel/i-config/downloads/lingspampublic.tar.gz/ . Accessed 20 Oct 2019.

Alexa top sites. https://aws.amazon.com/alexa-top-sites/ . Accessed 20 Oct 2019.

Bambenek consulting–master feeds. http://osint.bambenekconsulting.com/feeds/ . Accessed 20 Oct 2019.

Dgarchive. https://dgarchive.caad.fkie.fraunhofer.de/site/ . Accessed 20 Oct 2019.

Zago M, Pérez MG, Pérez GM. Umudga: a dataset for profiling algorithmically generated domain names in botnet detection. Data in Brief. 2020. p. 105400.

Zhou Y, Jiang X. Dissecting android malware: characterization and evolution. In: 2012 IEEE symposium on security and privacy. IEEE; 2012. p. 95–109.

Virusshare. http://virusshare.com/ . Accessed 20 Oct 2019.

Virustotal. https://virustotal.com/ . Accessed 20 Oct 2019.

Comodo. https://www.comodo.com/home/internet-security/updates/vdp/database.php . Accessed 20 Oct 2019.

Contagio. http://contagiodump.blogspot.com/ . Accessed 20 Oct 2019.

Kumar R, Xiaosong Z, Khan RU, Kumar J, Ahad I. Effective and explainable detection of android malware based on machine learning algorithms. In: Proceedings of the 2018 international conference on computing and artificial intelligence. ACM; 2018. p. 35–40.

Microsoft malware classification (big 2015). arXiv:1802.10135 . Accessed 20 Oct 2019.

Koroniotis N, Moustafa N, Sitnikova E, Turnbull B. Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: bot-iot dataset. Future Gener Comput Syst. 2019;100:779–96.

Wu Y, Wei D, Feng J. Network attacks detection methods based on deep learning techniques: a survey. Secur Commun Netw. 2020;2020:17.

Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H. Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J Inf Secur Appl. 2020;50:102419.

Aleesa AM, Zaidan BB, Zaidan AA, Sahar NM. Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions. Neural Comput Appl. 2020;32(14):9827–58.

Berman DS, Buczak AL, Chavis JS, Corbett CL. A survey of deep learning methods for cyber security. Information. 2019;10(4):122.

Chandrasekhar AM, Raghuveer K. Confederation of fcm clustering, ann and svm techniques to implement hybrid nids using corrected kdd cup 99 dataset. In: 2014 international conference on communication and signal processing. IEEE; 2014. p. 672–676.

Sharifi AM, Amirgholipour SK, Pourebrahimi A. Intrusion detection based on joint of k-means and knn. J Converg Inf Technol. 2015;10(5):42.

Wei-Chao L, Shih-Wen K, Chih-Fong T. Cann: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl Based Syst. 2015;78:13–21.

Tajbakhsh A, Rahmati M, Mirzaei A. Intrusion detection using fuzzy association rules. Appl Soft Comput. 2009;9(2):462–9.

Mitchell R, Chen R. Behavior rule specification-based intrusion detection for safety critical medical cyber physical systems. IEEE Trans Dependable Secur Comput. 2014;12(1):16–30.

Kotpalliwar MV, Wajgi R. Classification of attacks using support vector machine (svm) on kddcup’99 ids database. In: 2015 fifth international conference on communication systems and network technologies. IEEE; 2015. p. 987–990.

Pervez MS, Farid DM. Feature selection and intrusion classification in nsl-kdd cup 99 dataset employing svms. In: The 8th international conference on software, knowledge, information management and applications (SKIMA 2014). IEEE; 2014. p. 1–6.

Yan M, Liu Z. A new method of transductive svm-based network intrusion detection. In: International conference on computer and computing technologies in agriculture. Springer; 2010. p. 87–95.

Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K. An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl. 2012;39(1):424–30.

Raman MRG, Somu N, Jagarapu S, Manghnani T, Selvam T, Krithivasan K, Sriram VSS. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artif Intell Rev. 2020;53:3255–3286.

Kokila RT, Thamarai Selvi S, Govindarajan K. Ddos detection and analysis in sdn-based environment using support vector machine classifier. In: 2014 sixth international conference on advanced computing (ICoAC). IEEE; 2014. p. 205–210.

Xie M, Hu J, Slay J. Evaluating host-based anomaly detection systems: application of the one-class svm algorithm to adfa-ld. In: 2014 11th international conference on fuzzy systems and knowledge discovery (FSKD). IEEE; 2014. p. 978–982.

Saxena H, Richariya V. Intrusion detection in kdd99 dataset using svm-pso and feature reduction with information gain. Int J Comput Appl. 2014;98(6).25–29.

Shapoorifard H, Shamsinejad P. Intrusion detection using a novel hybrid method incorporating an improved knn. Int J Comput Appl. 2017;173(1):5–9.

Vishwakarma S, Sharma V, Tiwari A. An intrusion detection system using knn-aco algorithm. Int J Comput Appl. 2017;171(10):18–23.

Meng W, Li W, Kwok L-F. Design of intelligent knn-based alarm filter using knowledge-based alert verification in intrusion detection. Secur Commun Netw. 2015;8(18):3883–95.

Dada EG. A hybridized svm-knn-pdapso approach to intrusion detection system. In: Proceedings of Facility Seminar Ser. 2017. p. 14–21.

Koc L, Mazzuchi TA, Sarkani S. A network intrusion detection system based on a hidden Naïve Bayes multiclass classifier. Expert Syst Appl. 2012;39(18):13492–500.

Moon D, Im H, Kim I, Park JH. Dtb-ids: an intrusion detection system based on decision tree using behavior analysis for preventing apt attacks. J Supercomput. 2017;73(7):2881–95.

Ingre B, Yadav A, Soni AK. Decision tree based intrusion detection system for nsl-kdd dataset. In: International conference on information and communication technology for intelligent systems. Springer; 2017. p. 207–218.

Malik AJ, Khan FA. A hybrid technique using binary particle swarm optimization and decision tree pruning for network intrusion detection. Cluster Comput. 2018;21(1):667–80.

Relan NG, Patil DR. Implementation of network intrusion detection system using variant of decision tree algorithm. In: 2015 international conference on nascent technologies in the engineering field (ICNTE). IEEE; 2015. p. 1–5.

Rai K, Syamala Devi M, Guleria A. Decision tree based algorithm for intrusion detection. Int J Adv Netw Appl. 2016;7(4):2828.

Sarker IH, Abushark YB, Alsolami F, Khan AI. Intrudtree: a machine learning based cyber security intrusion detection model. Symmetry. 2020;12(5):754.

Puthran S, Shah K. Intrusion detection using improved decision tree algorithm with binary and quad split. In: International symposium on security in computing and communication. Springer; 2016. p. 427–438.

Balogun AO, Jimoh RG. Anomaly intrusion detection using an hybrid of decision tree and k-nearest neighbor. In: A Multidisciplinary Journal Publication of the Faculty of Science, Adeleke University, Ede, Nigeria, 2015; vol 2.

Jo S, Sung H, Ahn B. A comparative study on the performance of intrusion detection using decision tree and artificial neural network models. J Korea Soc Digit Ind Inf Manag. 2015;11(4):33–45.

Zhang J, Zulkernine M, Haque A. Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern Part C (Appl Rev). 2008;38(5):649–59.

Yuan Y, Kaklamanos G, Hogrefe D. A novel semi-supervised adaboost technique for network anomaly detection. In: Proceedings of the 19th ACM international conference on modeling, analysis and simulation of wireless and mobile systems. ACM; 2016. p. 111–114.

Alrawashdeh K, Purdy C. Toward an online anomaly intrusion detection system based on deep learning. In: 2016 15th IEEE international conference on machine learning and applications (ICMLA). IEEE; 2016. p. 195–200.

Yin C, Zhu Y, Fei J, He X. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access. 2017;5:21954–61.

Kim J, Kim J, Thi Thu HL, Kim H. Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 international conference on platform technology and service (PlatCon). IEEE; 2016. p. 1–5.

Almiani M, AbuGhazleh A, Al-Rahayfeh A, Atiewi S, Razaque A. Deep recurrent neural network for iot intrusion detection system. Simul Model Pract Theory. 2019;101:102031.

Kolosnjaji B, Zarras A, Webster G, Eckert C. Deep learning for classification of malware system call sequences. In: Australasian joint conference on artificial intelligence. Springer; 2016. p. 137–149.

Wang W, Zhu M, Zeng X, Ye X, Sheng Y. Malware traffic classification using convolutional neural network for representation learning. In: 2017 international conference on information networking (ICOIN). IEEE; 2017. p. 712–717.

Hansen JV, Lowry PB, Meservy RD, McDonald DM. Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection. Decis Support Syst. 2007;43(4):1362–74.

Aslahi-Shahri BM, Rahmani R, Chizari M, Maralani A, Eslami M, Golkar MJ, Ebrahimi A. A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput Appl. 2016;27(6):1669–76.

Azad C, Jha VK. Genetic algorithm to solve the problem of small disjunct in the decision tree based intrusion detection system. Int J Comput Netw Inf Secur (IJCNIS). 2015;7(8):56.

Ariu D, Tronci R, Giacinto G. Hmmpayl: an intrusion detection system based on hidden Markov models. Comput Secur. 2011;30(4):221–41.

Årnes A, Valeur F, Vigna G, Kemmerer RA. Using hidden markov models to evaluate the risks of intrusions. In: International workshop on recent advances in intrusion detection. Springer; 2006. p. 145–164.

Alauthman M, Aslam N, Al-kasassbeh M, Khan S, Al-Qerem A, Choo K-KR. An efficient reinforcement learning-based botnet detection approach. J Netw Comput Appl. 2020;150:102479.

Blanco R, Cilla JJ, Briongos S, Malagón P, Moya JM. Applying cost-sensitive classifiers with reinforcement learning to ids. In: International conference on intelligent data engineering and automated learning. Springer; 2018. p. 531–538.

Lopez-Martin M, Carro B, Sanchez-Esguevillas A. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Syst Appl. 2020;141:112963.

Sarker IH. Machine learning: Algorithms, real-world applications and research directions. Preprints. 2021; 2021030216:1–23.

Sarker IH, Kayes ASM, Watters P. Effectiveness analysis of machine learning classification models for predicting personalized context-aware smartphone usage. J Big Data. 2019;6(1):1–28.

John GH, Langley P. Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the eleventh conference on uncertainty in artificial intelligence. Morgan Kaufmann Publishers Inc.; 1995. p. 338–345.

Quinlan JR. C4.5: Programs for machine learning. Mach Learn. 2014.

Sarker IH, Colman A, Han J, Khan AI, Abushark YB, Salah K. Behavdt: a behavioral decision tree learning to build user-centric context-aware predictive model. Mob Netw Appl. 2020;25:1151–1161.

Aha DW, Kibler D, Albert MK. Instance-based learning algorithms. Mach Learn. 1991;6(1):37–66.

Keerthi SS, Shevade SK, Bhattacharyya C, Krishna Murthy KR. Improvements to platt’s smo algorithm for svm classifier design. Neural Comput. 2001;13(3):637–49.

Freund Y, Schapire RE, et al. Experiments with a new boosting algorithm. In: Icml, vol. 96. Citeseer; 1996. p. 148–156.

Le Cessie S, Van Houwelingen JC. Ridge estimators in logistic regression. J R Stat Soc Ser C (Appl Stat). 1992;41(1):191–201.

Han J, Pei J, Kamber M. Data mining: concepts and techniques. 2011.

Pedregosa F, Varoquaux G, Gramfort A, Michel V, Thirion B, Grisel O, Blondel M, Prettenhofer P, Weiss R, Dubourg V, et al. Scikit-learn: machine learning in python. J Mach Learn Res. 2011;12:2825–30.

Breiman L. Random forests. Mach Learn. 2001;45(1):5–32.

MacQueen J. Some methods for classification and analysis of multivariate observations. In: Fifth Berkeley symposium on mathematical statistics and probability, vol. 1. 1967.

Rokach L. A survey of clustering algorithms. In: Data mining and knowledge discovery handbook. Springer; 2010. p. 269–298.

Kaufman L, Rousseeuw PJ. Finding groups in data: an introduction to cluster analysis, vol. 344. New York: Wiley; 2009.

Ester M, Kriegel H-P, Sander J, Xiaowei X, et al. A density-based algorithm for discovering clusters in large spatial databases with noise. Kdd. 1996;96:226–31.

Sneath PHA. The application of computers to taxonomy. J Gen Microbiol. 1957;17(1):201–26.

Sorensen T. Method of establishing groups of equal amplitude in plant sociology based on similarity of species. Biol Skr. 1948;5:1–34.

Sarker IH, Colman A, Kabir MA, Han J. Individualized time-series segmentation for mining mobile phone user behavior. Comput J. 2018;61(3):349–68.

Agrawal R, Imieliński T, Swami A. Mining association rules between sets of items in large databases. In: ACM SIGMOD Record, vol. 22. ACM; 1993. p. 207–216.

Agrawal R, Srikant R, et al. Fast algorithms for mining association rules. In: Proceedings of 20th international conference very large data bases, VLDB, vol. 1215. 1994. p. 487–499.

Han J, Pei J, Yin Y. Mining frequent patterns without candidate generation. In: ACM Sigmod Record, vol. 29. ACM; 2000. p. 1–12.

Das A, Ng W-K, Woon Y-K. Rapid association rule mining. In: Proceedings of the tenth international conference on Information and knowledge management. ACM; 2001. p. 474–481.

Zaki MJ. Scalable algorithms for association mining. IEEE Trans Knowl Data Eng. 2000;12(3):372–90.

Sarker IH, Kayes ASM. Abc-ruleminer: user behavioral rule-based machine learning method for context-aware intelligent services. J Netw Comput Appl. 2020;168:102762.

Sarker IH, Abushark YB, Khan AI. Contextpca: predicting context-aware smartphone apps usage based on machine learning techniques. Symmetry. 2020;12(4):499.

Van Efferen L, Ali-Eldin AMT. A multi-layer perceptron approach for flow-based anomaly detection. In: 2017 international symposium on networks, computers and communications (ISNCC). IEEE; 2017. p. 1–6.

Liu H, Lang B, Liu M, Yan H. Cnn and rnn based payload classification methods for attack detection. Knowl Based Syst. 2019;163:332–41.

Khan FA, Gumaei A, Derhab A, Hussain A. A novel two-stage deep learning model for efficient network intrusion detection. IEEE Access. 2019;7:30373–85.

Kaelbling LP, Littman ML, Moore AW. Reinforcement learning: a survey. J Artif Intell Res. 1996;4:237–85.

Sarker IH. Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective. Preprints. 2021; 2021020340:1–18.

Sarker IH, Hoque MM, Uddin K et al. Mobile data science and intelligent apps: concepts, ai-based modeling and research directions. Mob Netw Appl. 2020;1–19.

Kidmose E, Stevanovic M, Pedersen JM. Detection of malicious domains through lexical analysis. In: 2018 international conference on cyber security and protection of digital services (cyber security). IEEE; 2018. p. 1–5.

Perera I, Hwang J, Bayas K, Dorr B, Wilks Y. Cyberattack prediction through public text analysis and mini-theories. In: 2018 IEEE international conference on big data (big data). IEEE; 2018. p. 3001–3010.

L’Huillier G, Hevia A, Weber R, Rios S. Latent semantic analysis and keyword extraction for phishing classification. In: 2010 IEEE international conference on intelligence and security informatics. IEEE; 2010. p. 129–131.

Georgescu T-M, Iancu B, Zurini M. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in iot networks. Sensors. 2019;19(15):3380.

Sun S, Luo C, Chen J. A review of natural language processing techniques for opinion mining systems. Inf Fusion. 2017;36:10–25.

Mokhov SA, Paquet J, Debbabi M. The use of nlp techniques in static code analysis to detect weaknesses and vulnerabilities. In: Canadian conference on artificial intelligence. Springer; 2014. p. 326–332.

Egozi G, Verma R. Phishing email detection using robust nlp techniques. In: 2018 IEEE international conference on data mining workshops (ICDMW). IEEE; 2018. p. 7–12.

Karbab EB, Debbabi M. Maldy: portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports. Digit Investig. 2019;28:S77–87.

Stephan G, Pascal H, Andreas A. Knowledge representation and ontologies. Semantic web services: concepts, technologies, and applications. 2007. p. 51–105.

Maedche A, Staab S. Ontology learning for the semantic web. IEEE Intell Syst. 2001;16(2):72–9.

Pereira T, Santos H. An ontology based approach to information security. In: Research conference on metadata and semantic research. Springer; 2009. p. 183–192.

McGuinness DL, Van Harmelen F, et al. Owl web ontology language overview. W3C Recomm. 2004;10(10):2004.

Witten IH, Frank E. Data mining: practical machine learning tools and techniques. Burlington: Morgan Kaufmann; 2005.

Witten IH, Frank E, Trigg LE, Hall MA, Holmes G, Cunningham SJ. Weka: practical machine learning tools and techniques with java implementations. 1999.

Zadeh LA. Fuzzy logic—a personal perspective. Fuzzy Sets Syst. 2015;281:4–20.

Sarker IH. A machine learning based robust prediction model for real-life mobile phone data. Internet Things. 2019;5:180–93.

Sarker IH. Context-aware rule learning from smartphone data: survey, challenges and future directions. J Big Data. 2019;6(1):95.

Sarker IH, Colman A, Han J. Recencyminer: mining recency-based personalized behavior from contextual smartphone data. J Big Data. 2019;6(1):49.

Download references

Author information

Authors and affiliations.

Swinburne University of Technology, Melbourne, VIC, 3122, Australia

Iqbal H. Sarker

Department of Computer Science and Engineering, Chittagong University of Engineering & Technology, Chittagong, 4349, Bangladesh

Centre for Cyber Security and Games, Canberra Institute of Technology, Reid, ACT, 2601, Australia

Md Hasan Furhad

Victoria University, Footscray, VIC, 3011, Australia

Raza Nowrozy

You can also search for this author in PubMed   Google Scholar

Contributions

The authors present a comprehensive view on “AI-driven Cybersecurity” that can play an important role for intelligent cybersecurity services and management [IHS—conceptualization, research design, and prepare the original manuscript]. All the authors read and approved the final manuscript.

Corresponding author

Correspondence to Iqbal H. Sarker .

Ethics declarations

Conflict of interest.

The authors declare no conflict of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Cyber Security and Privacy in Communication Networks” guest edited by Rajiv Misra, R K Shyamsunder, Alexiei Dingli, Natalie Denk, Omer Rana, Alexander Pfeiffer, Ashok Patel and Nishtha Kesswani.

Rights and permissions

Reprints and permissions

About this article

Sarker, I.H., Furhad, M.H. & Nowrozy, R. AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions. SN COMPUT. SCI. 2 , 173 (2021). https://doi.org/10.1007/s42979-021-00557-0

Download citation

Received : 22 November 2020

Accepted : 02 March 2021

Published : 26 March 2021

DOI : https://doi.org/10.1007/s42979-021-00557-0

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Cybersecurity
• Artificial intelligence
• Machine learning
• Cyber data analytics
• Cyber-attacks
• Intrusion detection
• Security intelligence
• Find a journal
• Publish with us
• Track your research

• Privacy Policy

Home » 500+ Cyber Security Research Topics

500+ Cyber Security Research Topics

Cybersecurity has become an increasingly important topic in recent years as more and more of our lives are spent online. With the rise of the digital age, there has been a corresponding increase in the number and severity of cyber attacks. As such, research into cybersecurity has become critical in order to protect individuals, businesses, and governments from these threats. In this blog post, we will explore some of the most pressing cybersecurity research topics, from the latest trends in cyber attacks to emerging technologies that can help prevent them. Whether you are a cybersecurity professional, a Master’s or Ph.D. student, or simply interested in the field, this post will provide valuable insights into the challenges and opportunities in this rapidly evolving area of study.

Cyber Security Research Topics

Cyber Security Research Topics are as follows:

• The role of machine learning in detecting cyber threats
• The impact of cloud computing on cyber security
• Cyber warfare and its effects on national security
• The rise of ransomware attacks and their prevention methods
• Evaluating the effectiveness of network intrusion detection systems
• The use of blockchain technology in enhancing cyber security
• Investigating the role of cyber security in protecting critical infrastructure
• The ethics of hacking and its implications for cyber security professionals
• Developing a secure software development lifecycle (SSDLC)
• The role of artificial intelligence in cyber security
• Evaluating the effectiveness of multi-factor authentication
• Investigating the impact of social engineering on cyber security
• The role of cyber insurance in mitigating cyber risks
• Developing secure IoT (Internet of Things) systems
• Investigating the challenges of cyber security in the healthcare industry
• Evaluating the effectiveness of penetration testing
• Investigating the impact of big data on cyber security
• The role of quantum computing in breaking current encryption methods
• Developing a secure BYOD (Bring Your Own Device) policy
• The impact of cyber security breaches on a company’s reputation
• The role of cyber security in protecting financial transactions
• Evaluating the effectiveness of anti-virus software
• The use of biometrics in enhancing cyber security
• Investigating the impact of cyber security on the supply chain
• The role of cyber security in protecting personal privacy
• Developing a secure cloud storage system
• Evaluating the effectiveness of firewall technologies
• Investigating the impact of cyber security on e-commerce
• The role of cyber security in protecting intellectual property
• Developing a secure remote access policy
• Investigating the challenges of securing mobile devices
• The role of cyber security in protecting government agencies
• Evaluating the effectiveness of cyber security training programs
• Investigating the impact of cyber security on the aviation industry
• The role of cyber security in protecting online gaming platforms
• Developing a secure password management system
• Investigating the challenges of securing smart homes
• The impact of cyber security on the automotive industry
• The role of cyber security in protecting social media platforms
• Developing a secure email system
• Evaluating the effectiveness of encryption methods
• Investigating the impact of cyber security on the hospitality industry
• The role of cyber security in protecting online education platforms
• Developing a secure backup and recovery strategy
• Investigating the challenges of securing virtual environments
• The impact of cyber security on the energy sector
• The role of cyber security in protecting online voting systems
• Developing a secure chat platform
• Investigating the impact of cyber security on the entertainment industry
• The role of cyber security in protecting online dating platforms
• Artificial Intelligence and Machine Learning in Cybersecurity
• Quantum Cryptography and Post-Quantum Cryptography
• Internet of Things (IoT) Security
• Developing a framework for cyber resilience in critical infrastructure
• Understanding the fundamentals of encryption algorithms
• Cyber security challenges for small and medium-sized businesses
• Developing secure coding practices for web applications
• Investigating the role of cyber security in protecting online privacy
• Network security protocols and their importance
• Social engineering attacks and how to prevent them
• Investigating the challenges of securing personal devices and home networks
• Developing a basic incident response plan for cyber attacks
• The impact of cyber security on the financial sector
• Understanding the role of cyber security in protecting critical infrastructure
• Mobile device security and common vulnerabilities
• Investigating the challenges of securing cloud-based systems
• Cyber security and the Internet of Things (IoT)
• Biometric authentication and its role in cyber security
• Developing secure communication protocols for online messaging platforms
• The importance of cyber security in e-commerce
• Understanding the threats and vulnerabilities associated with social media platforms
• Investigating the role of cyber security in protecting intellectual property
• The basics of malware analysis and detection
• Developing a basic cyber security awareness training program
• Understanding the threats and vulnerabilities associated with public Wi-Fi networks
• Investigating the challenges of securing online banking systems
• The importance of password management and best practices
• Cyber security and cloud computing
• Understanding the role of cyber security in protecting national security
• Investigating the challenges of securing online gaming platforms
• The basics of cyber threat intelligence
• Developing secure authentication mechanisms for online services
• The impact of cyber security on the healthcare sector
• Understanding the basics of digital forensics
• Investigating the challenges of securing smart home devices
• The role of cyber security in protecting against cyberbullying
• Developing secure file transfer protocols for sensitive information
• Understanding the challenges of securing remote work environments
• Investigating the role of cyber security in protecting against identity theft
• The basics of network intrusion detection and prevention systems
• Developing secure payment processing systems
• Understanding the role of cyber security in protecting against ransomware attacks
• Investigating the challenges of securing public transportation systems
• The basics of network segmentation and its importance in cyber security
• Developing secure user access management systems
• Understanding the challenges of securing supply chain networks
• The role of cyber security in protecting against cyber espionage
• Investigating the challenges of securing online educational platforms
• The importance of data backup and disaster recovery planning
• Developing secure email communication protocols
• Understanding the basics of threat modeling and risk assessment
• Investigating the challenges of securing online voting systems
• The role of cyber security in protecting against cyber terrorism
• Developing secure remote access protocols for corporate networks.
• Investigating the challenges of securing artificial intelligence systems
• The role of machine learning in enhancing cyber threat intelligence
• Evaluating the effectiveness of deception technologies in cyber security
• Investigating the impact of cyber security on the adoption of emerging technologies
• The role of cyber security in protecting smart cities
• Developing a risk-based approach to cyber security governance
• Investigating the impact of cyber security on economic growth and innovation
• The role of cyber security in protecting human rights in the digital age
• Developing a secure digital identity system
• Investigating the impact of cyber security on global political stability
• The role of cyber security in protecting the Internet of Things (IoT)
• Developing a secure supply chain management system
• Investigating the challenges of securing cloud-native applications
• The role of cyber security in protecting against insider threats
• Developing a secure software-defined network (SDN)
• Investigating the impact of cyber security on the adoption of mobile payments
• The role of cyber security in protecting against cyber warfare
• Developing a secure distributed ledger technology (DLT) system
• Investigating the impact of cyber security on the digital divide
• The role of cyber security in protecting against state-sponsored attacks
• Developing a secure Internet infrastructure
• Investigating the challenges of securing industrial control systems (ICS)
• Developing a secure quantum communication system
• Investigating the impact of cyber security on global trade and commerce
• Developing a secure decentralized authentication system
• Investigating the challenges of securing edge computing systems
• Developing a secure hybrid cloud system
• Investigating the impact of cyber security on the adoption of smart cities
• The role of cyber security in protecting against cyber propaganda
• Developing a secure blockchain-based voting system
• Investigating the challenges of securing cyber-physical systems (CPS)
• The role of cyber security in protecting against cyber hate speech
• Developing a secure machine learning system
• Investigating the impact of cyber security on the adoption of autonomous vehicles
• The role of cyber security in protecting against cyber stalking
• Developing a secure data-driven decision-making system
• Investigating the challenges of securing social media platforms
• The role of cyber security in protecting against cyberbullying in schools
• Developing a secure open source software ecosystem
• Investigating the impact of cyber security on the adoption of smart homes
• The role of cyber security in protecting against cyber fraud
• Developing a secure software supply chain
• Investigating the challenges of securing cloud-based healthcare systems
• The role of cyber security in protecting against cyber harassment
• Developing a secure multi-party computation system
• Investigating the impact of cyber security on the adoption of virtual and augmented reality technologies.
• Cybersecurity in Cloud Computing Environments
• Cyber Threat Intelligence and Analysis
• Blockchain Security
• Data Privacy and Protection
• Cybersecurity in Industrial Control Systems
• Mobile Device Security
• The importance of cyber security in the digital age
• The ethics of cyber security and privacy
• The role of government in regulating cyber security
• Cyber security threats and vulnerabilities in the healthcare sector
• Understanding the risks associated with social media and cyber security
• The impact of cyber security on e-commerce
• The effectiveness of cyber security awareness training programs
• The role of biometric authentication in cyber security
• The importance of password management in cyber security
• The basics of network security protocols and their importance
• The challenges of securing online gaming platforms
• The role of cyber security in protecting national security
• The impact of cyber security on the legal sector
• The ethics of cyber warfare
• The challenges of securing the Internet of Things (IoT)
• Understanding the basics of malware analysis and detection
• The challenges of securing public transportation systems
• The impact of cyber security on the insurance industry
• The role of cyber security in protecting against ransomware attacks
• The challenges of securing remote work environments
• Understanding the threats and vulnerabilities associated with social engineering attacks
• The impact of cyber security on the education sector
• Investigating the challenges of securing supply chain networks
• The challenges of securing personal devices and home networks
• The importance of secure coding practices for web applications
• The impact of cyber security on the hospitality industry
• The role of cyber security in protecting against identity theft
• The challenges of securing public Wi-Fi networks
• The importance of cyber security in protecting critical infrastructure
• The challenges of securing cloud-based storage systems
• The effectiveness of antivirus software in cyber security
• Developing secure payment processing systems.
• Cybersecurity in Healthcare
• Social Engineering and Phishing Attacks
• Cybersecurity in Autonomous Vehicles
• Cybersecurity in Smart Cities
• Cybersecurity Risk Assessment and Management
• Malware Analysis and Detection Techniques
• Cybersecurity in the Financial Sector
• Cybersecurity in Government Agencies
• Cybersecurity and Artificial Life
• Cybersecurity for Critical Infrastructure Protection
• Cybersecurity in the Education Sector
• Cybersecurity in Virtual Reality and Augmented Reality
• Cybersecurity in the Retail Industry
• Cryptocurrency Security
• Cybersecurity in Supply Chain Management
• Cybersecurity and Human Factors
• Cybersecurity in the Transportation Industry
• Cybersecurity in Gaming Environments
• Cybersecurity in Social Media Platforms
• Cybersecurity and Biometrics
• Cybersecurity and Quantum Computing
• Cybersecurity in 5G Networks
• Cybersecurity in Aviation and Aerospace Industry
• Cybersecurity in Agriculture Industry
• Cybersecurity in Space Exploration
• Cybersecurity in Military Operations
• Cybersecurity and Cloud Storage
• Cybersecurity in Software-Defined Networks
• Cybersecurity and Artificial Intelligence Ethics
• Cybersecurity and Cyber Insurance
• Cybersecurity in the Legal Industry
• Cybersecurity and Data Science
• Cybersecurity in Energy Systems
• Cybersecurity in E-commerce
• Cybersecurity in Identity Management
• Cybersecurity in Small and Medium Enterprises
• Cybersecurity in the Entertainment Industry
• Cybersecurity and the Internet of Medical Things
• Cybersecurity and the Dark Web
• Cybersecurity and Wearable Technology
• Cybersecurity in Public Safety Systems.
• Threat Intelligence for Industrial Control Systems
• Privacy Preservation in Cloud Computing
• Network Security for Critical Infrastructure
• Cryptographic Techniques for Blockchain Security
• Malware Detection and Analysis
• Cyber Threat Hunting Techniques
• Cybersecurity Risk Assessment
• Machine Learning for Cybersecurity
• Cybersecurity in Financial Institutions
• Cybersecurity for Smart Cities
• Cybersecurity in Aviation
• Cybersecurity in the Automotive Industry
• Cybersecurity in the Energy Sector
• Cybersecurity in Telecommunications
• Cybersecurity for Mobile Devices
• Biometric Authentication for Cybersecurity
• Cybersecurity for Artificial Intelligence
• Cybersecurity for Social Media Platforms
• Cybersecurity in the Gaming Industry
• Cybersecurity in the Defense Industry
• Cybersecurity for Autonomous Systems
• Cybersecurity for Quantum Computing
• Cybersecurity for Augmented Reality and Virtual Reality
• Cybersecurity in Cloud-Native Applications
• Cybersecurity for Smart Grids
• Cybersecurity in Distributed Ledger Technology
• Cybersecurity for Next-Generation Wireless Networks
• Cybersecurity for Digital Identity Management
• Cybersecurity for Open Source Software
• Cybersecurity for Smart Homes
• Cybersecurity for Smart Transportation Systems
• Cybersecurity for Cyber Physical Systems
• Cybersecurity for Critical National Infrastructure
• Cybersecurity for Smart Agriculture
• Cybersecurity for Retail Industry
• Cybersecurity for Digital Twins
• Cybersecurity for Quantum Key Distribution
• Cybersecurity for Digital Healthcare
• Cybersecurity for Smart Logistics
• Cybersecurity for Wearable Devices
• Cybersecurity for Edge Computing
• Cybersecurity for Cognitive Computing
• Cybersecurity for Industrial IoT
• Cybersecurity for Intelligent Transportation Systems
• Cybersecurity for Smart Water Management Systems
• The rise of cyber terrorism and its impact on national security
• The impact of artificial intelligence on cyber security
• Analyzing the effectiveness of biometric authentication for securing data
• The impact of social media on cyber security and privacy
• The future of cyber security in the Internet of Things (IoT) era
• The role of machine learning in detecting and preventing cyber attacks
• The effectiveness of encryption in securing sensitive data
• The impact of quantum computing on cyber security
• The rise of cyber bullying and its effects on mental health
• Investigating cyber espionage and its impact on national security
• The effectiveness of cyber insurance in mitigating cyber risks
• The role of blockchain technology in cyber security
• Investigating the effectiveness of cyber security awareness training programs
• The impact of cyber attacks on critical infrastructure
• Analyzing the effectiveness of firewalls in protecting against cyber attacks
• The impact of cyber crime on the economy
• Investigating the effectiveness of multi-factor authentication in securing data
• The future of cyber security in the age of quantum internet
• The impact of big data on cyber security
• The role of cybersecurity in the education system
• Investigating the use of deception techniques in cyber security
• The impact of cyber attacks on the healthcare industry
• The effectiveness of cyber threat intelligence in mitigating cyber risks
• The role of cyber security in protecting financial institutions
• Investigating the use of machine learning in cyber security risk assessment
• The impact of cyber attacks on the transportation industry
• The effectiveness of network segmentation in protecting against cyber attacks
• Investigating the effectiveness of biometric identification in cyber security
• The impact of cyber attacks on the hospitality industry
• The future of cyber security in the era of autonomous vehicles
• The effectiveness of intrusion detection systems in protecting against cyber attacks
• The role of cyber security in protecting small businesses
• Investigating the effectiveness of virtual private networks (VPNs) in securing data
• The impact of cyber attacks on the energy sector
• The effectiveness of cyber security regulations in mitigating cyber risks
• Investigating the use of deception technology in cyber security
• The impact of cyber attacks on the retail industry
• The effectiveness of cyber security in protecting critical infrastructure
• The role of cyber security in protecting intellectual property in the entertainment industry
• Investigating the effectiveness of intrusion prevention systems in protecting against cyber attacks
• The impact of cyber attacks on the aerospace industry
• The future of cyber security in the era of quantum computing
• The effectiveness of cyber security in protecting against ransomware attacks
• The role of cyber security in protecting personal and sensitive data
• Investigating the effectiveness of cloud security solutions in protecting against cyber attacks
• The impact of cyber attacks on the manufacturing industry
• The effective cyber security and the future of e-votingness of cyber security in protecting against social engineering attacks
• Investigating the effectiveness of end-to-end encryption in securing data
• The impact of cyber attacks on the insurance industry
• The future of cyber security in the era of artificial intelligence
• The effectiveness of cyber security in protecting against distributed denial-of-service (DDoS) attacks
• The role of cyber security in protecting against phishing attacks
• Investigating the effectiveness of user behavior analytics
• The impact of emerging technologies on cyber security
• Developing a framework for cyber threat intelligence
• The effectiveness of current cyber security measures
• Cyber security and data privacy in the age of big data
• Cloud security and virtualization technologies
• Cryptography and its role in cyber security
• Cyber security in critical infrastructure protection
• Cyber security in the Internet of Things (IoT)
• Cyber security in e-commerce and online payment systems
• Cyber security and the future of digital currencies
• The impact of social engineering on cyber security
• Cyber security and ethical hacking
• Cyber security challenges in the healthcare industry
• Cyber security and digital forensics
• Cyber security in the financial sector
• Cyber security in the transportation industry
• The impact of artificial intelligence on cyber security risks
• Cyber security and mobile devices
• Cyber security in the energy sector
• Cyber security and supply chain management
• The role of machine learning in cyber security
• Cyber security in the defense sector
• The impact of the Dark Web on cyber security
• Cyber security in social media and online communities
• Cyber security challenges in the gaming industry
• Cyber security and cloud-based applications
• The role of blockchain in cyber security
• Cyber security and the future of autonomous vehicles
• Cyber security in the education sector
• Cyber security in the aviation industry
• The impact of 5G on cyber security
• Cyber security and insider threats
• Cyber security and the legal system
• The impact of cyber security on business operations
• Cyber security and the role of human behavior
• Cyber security in the hospitality industry
• The impact of cyber security on national security
• Cyber security and the use of biometrics
• Cyber security and the role of social media influencers
• The impact of cyber security on small and medium-sized enterprises
• Cyber security and cyber insurance
• The impact of cyber security on the job market
• Cyber security and international relations
• Cyber security and the role of government policies
• The impact of cyber security on privacy laws
• Cyber security in the media and entertainment industry
• The role of cyber security in digital marketing
• Cyber security and the role of cybersecurity professionals
• Cyber security in the retail industry
• The impact of cyber security on the stock market
• Cyber security and intellectual property protection
• Cyber security and online dating
• The impact of cyber security on healthcare innovation
• Cyber security and the future of e-voting
• Cyber security and the role of open source software
• Cyber security and the use of social engineering in cyber attacks
• The impact of cyber security on the aviation industry
• Cyber security and the role of cyber security awareness training
• Cyber security and the role of cybersecurity standards and best practices
• Cyber security in the legal industry
• The impact of cyber security on human rights
• Cyber security and the role of public-private partnerships
• Cyber security and the future of e-learning
• Cyber security and the role of mobile applications
• The impact of cyber security on environmental sustainability
• Cyber security and the role of threat intelligence sharing
• Cyber security and the future of smart homes
• Cyber security and the role of cybersecurity certifications
• The impact of cyber security on international trade
• Cyber security and the role of cyber security auditing

About the author

Muhammad Hassan

Researcher, Academic Writer, Web developer

You may also like

200+ Funny Research Topics

500+ Sports Research Topics

500+ Environmental Research Topics

500+ Economics Research Topics

500+ Physics Research Topics

500+ Google Scholar Research Topics

• Survey Paper
• Open access
• Published: 01 July 2020

Cybersecurity data science: an overview from machine learning perspective

• Iqbal H. Sarker   ORCID: orcid.org/0000-0003-1740-5517 1 , 2 ,
• A. S. M. Kayes 3 ,
• Shahriar Badsha 4 ,
• Hamed Alqahtani 5 ,
• Paul Watters 3 &
• Alex Ng 3  

Journal of Big Data volume  7 , Article number:  41 ( 2020 ) Cite this article

147k Accesses

248 Citations

51 Altmetric

Metrics details

In a computing context, cybersecurity is undergoing massive shifts in technology and its operations in recent days, and data science is driving the change. Extracting security incident patterns or insights from cybersecurity data and building corresponding data-driven model , is the key to make a security system automated and intelligent. To understand and analyze the actual phenomena with data, various scientific methods, machine learning techniques, processes, and systems are used, which is commonly known as data science. In this paper, we focus and briefly discuss on cybersecurity data science , where the data is being gathered from relevant cybersecurity sources, and the analytics complement the latest data-driven patterns for providing more effective security solutions. The concept of cybersecurity data science allows making the computing process more actionable and intelligent as compared to traditional ones in the domain of cybersecurity. We then discuss and summarize a number of associated research issues and future directions . Furthermore, we provide a machine learning based multi-layered framework for the purpose of cybersecurity modeling. Overall, our goal is not only to discuss cybersecurity data science and relevant methods but also to focus the applicability towards data-driven intelligent decision making for protecting the systems from cyber-attacks.

Introduction

Due to the increasing dependency on digitalization and Internet-of-Things (IoT) [ 1 ], various security incidents such as unauthorized access [ 2 ], malware attack [ 3 ], zero-day attack [ 4 ], data breach [ 5 ], denial of service (DoS) [ 2 ], social engineering or phishing [ 6 ] etc. have grown at an exponential rate in recent years. For instance, in 2010, there were less than 50 million unique malware executables known to the security community. By 2012, they were double around 100 million, and in 2019, there are more than 900 million malicious executables known to the security community, and this number is likely to grow, according to the statistics of AV-TEST institute in Germany [ 7 ]. Cybercrime and attacks can cause devastating financial losses and affect organizations and individuals as well. It’s estimated that, a data breach costs 8.19 million USD for the United States and 3.9 million USD on an average [ 8 ], and the annual cost to the global economy from cybercrime is 400 billion USD [ 9 ]. According to Juniper Research [ 10 ], the number of records breached each year to nearly triple over the next 5 years. Thus, it’s essential that organizations need to adopt and implement a strong cybersecurity approach to mitigate the loss. According to [ 11 ], the national security of a country depends on the business, government, and individual citizens having access to applications and tools which are highly secure, and the capability on detecting and eliminating such cyber-threats in a timely way. Therefore, to effectively identify various cyber incidents either previously seen or unseen, and intelligently protect the relevant systems from such cyber-attacks, is a key issue to be solved urgently.

Popularity trends of data science, machine learning and cybersecurity over time, where x-axis represents the timestamp information and y axis represents the corresponding popularity values

Cybersecurity is a set of technologies and processes designed to protect computers, networks, programs and data from attack, damage, or unauthorized access [ 12 ]. In recent days, cybersecurity is undergoing massive shifts in technology and its operations in the context of computing, and data science (DS) is driving the change, where machine learning (ML), a core part of “Artificial Intelligence” (AI) can play a vital role to discover the insights from data. Machine learning can significantly change the cybersecurity landscape and data science is leading a new scientific paradigm [ 13 , 14 ]. The popularity of these related technologies is increasing day-by-day, which is shown in Fig.  1 , based on the data of the last five years collected from Google Trends [ 15 ]. The figure represents timestamp information in terms of a particular date in the x-axis and corresponding popularity in the range of 0 (minimum) to 100 (maximum) in the y-axis. As shown in Fig.  1 , the popularity indication values of these areas are less than 30 in 2014, while they exceed 70 in 2019, i.e., more than double in terms of increased popularity. In this paper, we focus on cybersecurity data science (CDS), which is broadly related to these areas in terms of security data processing techniques and intelligent decision making in real-world applications. Overall, CDS is security data-focused, applies machine learning methods to quantify cyber risks, and ultimately seeks to optimize cybersecurity operations. Thus, the purpose of this paper is for those academia and industry people who want to study and develop a data-driven smart cybersecurity model based on machine learning techniques. Therefore, great emphasis is placed on a thorough description of various types of machine learning methods, and their relations and usage in the context of cybersecurity. This paper does not describe all of the different techniques used in cybersecurity in detail; instead, it gives an overview of cybersecurity data science modeling based on artificial intelligence, particularly from machine learning perspective.

The ultimate goal of cybersecurity data science is data-driven intelligent decision making from security data for smart cybersecurity solutions. CDS represents a partial paradigm shift from traditional well-known security solutions such as firewalls, user authentication and access control, cryptography systems etc. that might not be effective according to today’s need in cyber industry [ 16 , 17 , 18 , 19 ]. The problems are these are typically handled statically by a few experienced security analysts, where data management is done in an ad-hoc manner [ 20 , 21 ]. However, as an increasing number of cybersecurity incidents in different formats mentioned above continuously appear over time, such conventional solutions have encountered limitations in mitigating such cyber risks. As a result, numerous advanced attacks are created and spread very quickly throughout the Internet. Although several researchers use various data analysis and learning techniques to build cybersecurity models that are summarized in “ Machine learning tasks in cybersecurity ” section, a comprehensive security model based on the effective discovery of security insights and latest security patterns could be more useful. To address this issue, we need to develop more flexible and efficient security mechanisms that can respond to threats and to update security policies to mitigate them intelligently in a timely manner. To achieve this goal, it is inherently required to analyze a massive amount of relevant cybersecurity data generated from various sources such as network and system sources, and to discover insights or proper security policies with minimal human intervention in an automated manner.

Analyzing cybersecurity data and building the right tools and processes to successfully protect against cybersecurity incidents goes beyond a simple set of functional requirements and knowledge about risks, threats or vulnerabilities. For effectively extracting the insights or the patterns of security incidents, several machine learning techniques, such as feature engineering, data clustering, classification, and association analysis, or neural network-based deep learning techniques can be used, which are briefly discussed in “ Machine learning tasks in cybersecurity ” section. These learning techniques are capable to find the anomalies or malicious behavior and data-driven patterns of associated security incidents to make an intelligent decision. Thus, based on the concept of data-driven decision making, we aim to focus on cybersecurity data science , where the data is being gathered from relevant cybersecurity sources such as network activity, database activity, application activity, or user activity, and the analytics complement the latest data-driven patterns for providing corresponding security solutions.

The contributions of this paper are summarized as follows.

We first make a brief discussion on the concept of cybersecurity data science and relevant methods to understand its applicability towards data-driven intelligent decision making in the domain of cybersecurity. For this purpose, we also make a review and brief discussion on different machine learning tasks in cybersecurity, and summarize various cybersecurity datasets highlighting their usage in different data-driven cyber applications.

We then discuss and summarize a number of associated research issues and future directions in the area of cybersecurity data science, that could help both the academia and industry people to further research and development in relevant application areas.

Finally, we provide a generic multi-layered framework of the cybersecurity data science model based on machine learning techniques. In this framework, we briefly discuss how the cybersecurity data science model can be used to discover useful insights from security data and making data-driven intelligent decisions to build smart cybersecurity systems.

The remainder of the paper is organized as follows. “ Background ” section summarizes background of our study and gives an overview of the related technologies of cybersecurity data science. “ Cybersecurity data science ” section defines and discusses briefly about cybersecurity data science including various categories of cyber incidents data. In “  Machine learning tasks in cybersecurity ” section, we briefly discuss various categories of machine learning techniques including their relations with cybersecurity tasks and summarize a number of machine learning based cybersecurity models in the field. “ Research issues and future directions ” section briefly discusses and highlights various research issues and future directions in the area of cybersecurity data science. In “  A multi-layered framework for smart cybersecurity services ” section, we suggest a machine learning-based framework to build cybersecurity data science model and discuss various layers with their roles. In “  Discussion ” section, we highlight several key points regarding our studies. Finally,  “ Conclusion ” section concludes this paper.

In this section, we give an overview of the related technologies of cybersecurity data science including various types of cybersecurity incidents and defense strategies.

• Cybersecurity

Over the last half-century, the information and communication technology (ICT) industry has evolved greatly, which is ubiquitous and closely integrated with our modern society. Thus, protecting ICT systems and applications from cyber-attacks has been greatly concerned by the security policymakers in recent days [ 22 ]. The act of protecting ICT systems from various cyber-threats or attacks has come to be known as cybersecurity [ 9 ]. Several aspects are associated with cybersecurity: measures to protect information and communication technology; the raw data and information it contains and their processing and transmitting; associated virtual and physical elements of the systems; the degree of protection resulting from the application of those measures; and eventually the associated field of professional endeavor [ 23 ]. Craigen et al. defined “cybersecurity as a set of tools, practices, and guidelines that can be used to protect computer networks, software programs, and data from attack, damage, or unauthorized access” [ 24 ]. According to Aftergood et al. [ 12 ], “cybersecurity is a set of technologies and processes designed to protect computers, networks, programs and data from attacks and unauthorized access, alteration, or destruction”. Overall, cybersecurity concerns with the understanding of diverse cyber-attacks and devising corresponding defense strategies that preserve several properties defined as below [ 25 , 26 ].

Confidentiality is a property used to prevent the access and disclosure of information to unauthorized individuals, entities or systems.

Integrity is a property used to prevent any modification or destruction of information in an unauthorized manner.

Availability is a property used to ensure timely and reliable access of information assets and systems to an authorized entity.

The term cybersecurity applies in a variety of contexts, from business to mobile computing, and can be divided into several common categories. These are - network security that mainly focuses on securing a computer network from cyber attackers or intruders; application security that takes into account keeping the software and the devices free of risks or cyber-threats; information security that mainly considers security and the privacy of relevant data; operational security that includes the processes of handling and protecting data assets. Typical cybersecurity systems are composed of network security systems and computer security systems containing a firewall, antivirus software, or an intrusion detection system [ 27 ].

Cyberattacks and security risks

The risks typically associated with any attack, which considers three security factors, such as threats, i.e., who is attacking, vulnerabilities, i.e., the weaknesses they are attacking, and impacts, i.e., what the attack does [ 9 ]. A security incident is an act that threatens the confidentiality, integrity, or availability of information assets and systems. Several types of cybersecurity incidents that may result in security risks on an organization’s systems and networks or an individual [ 2 ]. These are:

Unauthorized access that describes the act of accessing information to network, systems or data without authorization that results in a violation of a security policy [ 2 ];

Malware known as malicious software, is any program or software that intentionally designed to cause damage to a computer, client, server, or computer network, e.g., botnets. Examples of different types of malware including computer viruses, worms, Trojan horses, adware, ransomware, spyware, malicious bots, etc. [ 3 , 26 ]; Ransom malware, or ransomware , is an emerging form of malware that prevents users from accessing their systems or personal files, or the devices, then demands an anonymous online payment in order to restore access.

Denial-of-Service is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding the target with traffic that triggers a crash. The Denial-of-Service (DoS) attack typically uses one computer with an Internet connection, while distributed denial-of-service (DDoS) attack uses multiple computers and Internet connections to flood the targeted resource [ 2 ];

Phishing a type of social engineering , used for a broad range of malicious activities accomplished through human interactions, in which the fraudulent attempt takes part to obtain sensitive information such as banking and credit card details, login credentials, or personally identifiable information by disguising oneself as a trusted individual or entity via an electronic communication such as email, text, or instant message, etc. [ 26 ];

Zero-day attack is considered as the term that is used to describe the threat of an unknown security vulnerability for which either the patch has not been released or the application developers were unaware [ 4 , 28 ].

Beside these attacks mentioned above, privilege escalation [ 29 ], password attack [ 30 ], insider threat [ 31 ], man-in-the-middle [ 32 ], advanced persistent threat [ 33 ], SQL injection attack [ 34 ], cryptojacking attack [ 35 ], web application attack [ 30 ] etc. are well-known as security incidents in the field of cybersecurity. A data breach is another type of security incident, known as a data leak, which is involved in the unauthorized access of data by an individual, application, or service [ 5 ]. Thus, all data breaches are considered as security incidents, however, all the security incidents are not data breaches. Most data breaches occur in the banking industry involving the credit card numbers, personal information, followed by the healthcare sector and the public sector [ 36 ].

Cybersecurity defense strategies

Defense strategies are needed to protect data or information, information systems, and networks from cyber-attacks or intrusions. More granularly, they are responsible for preventing data breaches or security incidents and monitoring and reacting to intrusions, which can be defined as any kind of unauthorized activity that causes damage to an information system [ 37 ]. An intrusion detection system (IDS) is typically represented as “a device or software application that monitors a computer network or systems for malicious activity or policy violations” [ 38 ]. The traditional well-known security solutions such as anti-virus, firewalls, user authentication, access control, data encryption and cryptography systems, however might not be effective according to today’s need in the cyber industry

[ 16 , 17 , 18 , 19 ]. On the other hand, IDS resolves the issues by analyzing security data from several key points in a computer network or system [ 39 , 40 ]. Moreover, intrusion detection systems can be used to detect both internal and external attacks.

Intrusion detection systems are different categories according to the usage scope. For instance, a host-based intrusion detection system (HIDS), and network intrusion detection system (NIDS) are the most common types based on the scope of single computers to large networks. In a HIDS, the system monitors important files on an individual system, while it analyzes and monitors network connections for suspicious traffic in a NIDS. Similarly, based on methodologies, the signature-based IDS, and anomaly-based IDS are the most well-known variants [ 37 ].

Signature-based IDS : A signature can be a predefined string, pattern, or rule that corresponds to a known attack. A particular pattern is identified as the detection of corresponding attacks in a signature-based IDS. An example of a signature can be known patterns or a byte sequence in a network traffic, or sequences used by malware. To detect the attacks, anti-virus software uses such types of sequences or patterns as a signature while performing the matching operation. Signature-based IDS is also known as knowledge-based or misuse detection [ 41 ]. This technique can be efficient to process a high volume of network traffic, however, is strictly limited to the known attacks only. Thus, detecting new attacks or unseen attacks is one of the biggest challenges faced by this signature-based system.

Anomaly-based IDS : The concept of anomaly-based detection overcomes the issues of signature-based IDS discussed above. In an anomaly-based intrusion detection system, the behavior of the network is first examined to find dynamic patterns, to automatically create a data-driven model, to profile the normal behavior, and thus it detects deviations in the case of any anomalies [ 41 ]. Thus, anomaly-based IDS can be treated as a dynamic approach, which follows behavior-oriented detection. The main advantage of anomaly-based IDS is the ability to identify unknown or zero-day attacks [ 42 ]. However, the issue is that the identified anomaly or abnormal behavior is not always an indicator of intrusions. It sometimes may happen because of several factors such as policy changes or offering a new service.

In addition, a hybrid detection approach [ 43 , 44 ] that takes into account both the misuse and anomaly-based techniques discussed above can be used to detect intrusions. In a hybrid system, the misuse detection system is used for detecting known types of intrusions and anomaly detection system is used for novel attacks [ 45 ]. Beside these approaches, stateful protocol analysis can also be used to detect intrusions that identifies deviations of protocol state similarly to the anomaly-based method, however it uses predetermined universal profiles based on accepted definitions of benign activity [ 41 ]. In Table 1 , we have summarized these common approaches highlighting their pros and cons. Once the detecting has been completed, the intrusion prevention system (IPS) that is intended to prevent malicious events, can be used to mitigate the risks in different ways such as manual, providing notification, or automatic process [ 46 ]. Among these approaches, an automatic response system could be more effective as it does not involve a human interface between the detection and response systems.

• Data science

We are living in the age of data, advanced analytics, and data science, which are related to data-driven intelligent decision making. Although, the process of searching patterns or discovering hidden and interesting knowledge from data is known as data mining [ 47 ], in this paper, we use the broader term “data science” rather than data mining. The reason is that, data science, in its most fundamental form, is all about understanding of data. It involves studying, processing, and extracting valuable insights from a set of information. In addition to data mining, data analytics is also related to data science. The development of data mining, knowledge discovery, and machine learning that refers creating algorithms and program which learn on their own, together with the original data analysis and descriptive analytics from the statistical perspective, forms the general concept of “data analytics” [ 47 ]. Nowadays, many researchers use the term “data science” to describe the interdisciplinary field of data collection, preprocessing, inferring, or making decisions by analyzing the data. To understand and analyze the actual phenomena with data, various scientific methods, machine learning techniques, processes, and systems are used, which is commonly known as data science. According to Cao et al. [ 47 ] “data science is a new interdisciplinary field that synthesizes and builds on statistics, informatics, computing, communication, management, and sociology to study data and its environments, to transform data to insights and decisions by following a data-to-knowledge-to-wisdom thinking and methodology”. As a high-level statement in the context of cybersecurity, we can conclude that it is the study of security data to provide data-driven solutions for the given security problems, as known as “the science of cybersecurity data”. Figure 2 shows the typical data-to-insight-to-decision transfer at different periods and general analytic stages in data science, in terms of a variety of analytics goals (G) and approaches (A) to achieve the data-to-decision goal [ 47 ].

Data-to-insight-to-decision analytic stages in data science [ 47 ]

Based on the analytic power of data science including machine learning techniques, it can be a viable component of security strategies. By using data science techniques, security analysts can manipulate and analyze security data more effectively and efficiently, uncovering valuable insights from data. Thus, data science methodologies including machine learning techniques can be well utilized in the context of cybersecurity, in terms of problem understanding, gathering security data from diverse sources, preparing data to feed into the model, data-driven model building and updating, for providing smart security services, which motivates to define cybersecurity data science and to work in this research area.

Cybersecurity data science

In this section, we briefly discuss cybersecurity data science including various categories of cyber incidents data with the usage in different application areas, and the key terms and areas related to our study.

Understanding cybersecurity data

Data science is largely driven by the availability of data [ 48 ]. Datasets typically represent a collection of information records that consist of several attributes or features and related facts, in which cybersecurity data science is based on. Thus, it’s important to understand the nature of cybersecurity data containing various types of cyberattacks and relevant features. The reason is that raw security data collected from relevant cyber sources can be used to analyze the various patterns of security incidents or malicious behavior, to build a data-driven security model to achieve our goal. Several datasets exist in the area of cybersecurity including intrusion analysis, malware analysis, anomaly, fraud, or spam analysis that are used for various purposes. In Table 2 , we summarize several such datasets including their various features and attacks that are accessible on the Internet, and highlight their usage based on machine learning techniques in different cyber applications. Effectively analyzing and processing of these security features, building target machine learning-based security model according to the requirements, and eventually, data-driven decision making, could play a role to provide intelligent cybersecurity services that are discussed briefly in “ A multi-layered framework for smart cybersecurity services ” section.

Defining cybersecurity data science

Data science is transforming the world’s industries. It is critically important for the future of intelligent cybersecurity systems and services because of “security is all about data”. When we seek to detect cyber threats, we are analyzing the security data in the form of files, logs, network packets, or other relevant sources. Traditionally, security professionals didn’t use data science techniques to make detections based on these data sources. Instead, they used file hashes, custom-written rules like signatures, or manually defined heuristics [ 21 ]. Although these techniques have their own merits in several cases, it needs too much manual work to keep up with the changing cyber threat landscape. On the contrary, data science can make a massive shift in technology and its operations, where machine learning algorithms can be used to learn or extract insight of security incident patterns from the training data for their detection and prevention. For instance, to detect malware or suspicious trends, or to extract policy rules, these techniques can be used.

In recent days, the entire security industry is moving towards data science, because of its capability to transform raw data into decision making. To do this, several data-driven tasks can be associated, such as—(i) data engineering focusing practical applications of data gathering and analysis; (ii) reducing data volume that deals with filtering significant and relevant data to further analysis; (iii) discovery and detection that focuses on extracting insight or incident patterns or knowledge from data; (iv) automated models that focus on building data-driven intelligent security model; (v) targeted security  alerts focusing on the generation of remarkable security alerts based on discovered knowledge that minimizes the false alerts, and (vi) resource optimization that deals with the available resources to achieve the target goals in a security system. While making data-driven decisions, behavioral analysis could also play a significant role in the domain of cybersecurity [ 81 ].

Thus, the concept of cybersecurity data science incorporates the methods and techniques of data science and machine learning as well as the behavioral analytics of various security incidents. The combination of these technologies has given birth to the term “cybersecurity data science”, which refers to collect a large amount of security event data from different sources and analyze it using machine learning technologies for detecting security risks or attacks either through the discovery of useful insights or the latest data-driven patterns. It is, however, worth remembering that cybersecurity data science is not just about a collection of machine learning algorithms, rather,  a process that can help security professionals or analysts to scale and automate their security activities in a smart way and in a timely manner. Therefore, the formal definition can be as follows: “Cybersecurity data science is a research or working area existing at the intersection of cybersecurity, data science, and machine learning or artificial intelligence, which is mainly security data-focused, applies machine learning methods, attempts to quantify cyber-risks or incidents, and promotes inferential techniques to analyze behavioral patterns in security data. It also focuses on generating security response alerts, and eventually seeks for optimizing cybersecurity solutions, to build automated and intelligent cybersecurity systems.”

Table  3 highlights some key terms associated with cybersecurity data science. Overall, the outputs of cybersecurity data science are typically security data products, which can be a data-driven security model, policy rule discovery, risk or attack prediction, potential security service and recommendation, or the corresponding security system depending on the given security problem in the domain of cybersecurity. In the next section, we briefly discuss various machine learning tasks with examples within the scope of our study.

Machine learning tasks in cybersecurity

Machine learning (ML) is typically considered as a branch of “Artificial Intelligence”, which is closely related to computational statistics, data mining and analytics, data science, particularly focusing on making the computers to learn from data [ 82 , 83 ]. Thus, machine learning models typically comprise of a set of rules, methods, or complex “transfer functions” that can be applied to find interesting data patterns, or to recognize or predict behavior [ 84 ], which could play an important role in the area of cybersecurity. In the following, we discuss different methods that can be used to solve machine learning tasks and how they are related to cybersecurity tasks.

Supervised learning

Supervised learning is performed when specific targets are defined to reach from a certain set of inputs, i.e., task-driven approach. In the area of machine learning, the most popular supervised learning techniques are known as classification and regression methods [ 129 ]. These techniques are popular to classify or predict the future for a particular security problem. For instance, to predict denial-of-service attack (yes, no) or to identify different classes of network attacks such as scanning and spoofing, classification techniques can be used in the cybersecurity domain. ZeroR [ 83 ], OneR [ 130 ], Navies Bayes [ 131 ], Decision Tree [ 132 , 133 ], K-nearest neighbors [ 134 ], support vector machines [ 135 ], adaptive boosting [ 136 ], and logistic regression [ 137 ] are the well-known classification techniques. In addition, recently Sarker et al. have proposed BehavDT [ 133 ], and IntruDtree [ 106 ] classification techniques that are able to effectively build a data-driven predictive model. On the other hand, to predict the continuous or numeric value, e.g., total phishing attacks in a certain period or predicting the network packet parameters, regression techniques are useful. Regression analyses can also be used to detect the root causes of cybercrime and other types of fraud [ 138 ]. Linear regression [ 82 ], support vector regression [ 135 ] are the popular regression techniques. The main difference between classification and regression is that the output variable in the regression is numerical or continuous, while the predicted output for classification is categorical or discrete. Ensemble learning is an extension of supervised learning while mixing different simple models, e.g., Random Forest learning [ 139 ] that generates multiple decision trees to solve a particular security task.

Unsupervised learning

In unsupervised learning problems, the main task is to find patterns, structures, or knowledge in unlabeled data, i.e., data-driven approach [ 140 ]. In the area of cybersecurity, cyber-attacks like malware stays hidden in some ways, include changing their behavior dynamically and autonomously to avoid detection. Clustering techniques, a type of unsupervised learning, can help to uncover the hidden patterns and structures from the datasets, to identify indicators of such sophisticated attacks. Similarly, in identifying anomalies, policy violations, detecting, and eliminating noisy instances in data, clustering techniques can be useful. K-means [ 141 ], K-medoids [ 142 ] are the popular partitioning clustering algorithms, and single linkage [ 143 ] or complete linkage [ 144 ] are the well-known hierarchical clustering algorithms used in various application domains. Moreover, a bottom-up clustering approach proposed by Sarker et al. [ 145 ] can also be used by taking into account the data characteristics.

Besides, feature engineering tasks like optimal feature selection or extraction related to a particular security problem could be useful for further analysis [ 106 ]. Recently, Sarker et al. [ 106 ] have proposed an approach for selecting security features according to their importance score values. Moreover, Principal component analysis, linear discriminant analysis, pearson correlation analysis, or non-negative matrix factorization are the popular dimensionality reduction techniques to solve such issues [ 82 ]. Association rule learning is another example, where machine learning based policy rules can prevent cyber-attacks. In an expert system, the rules are usually manually defined by a knowledge engineer working in collaboration with a domain expert [ 37 , 140 , 146 ]. Association rule learning on the contrary, is the discovery of rules or relationships among a set of available security features or attributes in a given dataset [ 147 ]. To quantify the strength of relationships, correlation analysis can be used [ 138 ]. Many association rule mining algorithms have been proposed in the area of machine learning and data mining literature, such as logic-based [ 148 ], frequent pattern based [ 149 , 150 , 151 ], tree-based [ 152 ], etc. Recently, Sarker et al. [ 153 ] have proposed an association rule learning approach considering non-redundant generation, that can be used to discover a set of useful security policy rules. Moreover, AIS [ 147 ], Apriori [ 149 ], Apriori-TID and Apriori-Hybrid [ 149 ], FP-Tree [ 152 ], and RARM [ 154 ], and Eclat [ 155 ] are the well-known association rule learning algorithms that are capable to solve such problems by generating a set of policy rules in the domain of cybersecurity.

Neural networks and deep learning

Deep learning is a part of machine learning in the area of artificial intelligence, which is a computational model that is inspired by the biological neural networks in the human brain [ 82 ]. Artificial Neural Network (ANN) is frequently used in deep learning and the most popular neural network algorithm is backpropagation [ 82 ]. It performs learning on a multi-layer feed-forward neural network consists of an input layer, one or more hidden layers, and an output layer. The main difference between deep learning and classical machine learning is its performance on the amount of security data increases. Typically deep learning algorithms perform well when the data volumes are large, whereas machine learning algorithms perform comparatively better on small datasets [ 44 ]. In our earlier work, Sarker et al. [ 129 ], we have illustrated the effectiveness of these approaches considering contextual datasets. However, deep learning approaches mimic the human brain mechanism to interpret large amount of data or the complex data such as images, sounds and texts [ 44 , 129 ]. In terms of feature extraction to build models, deep learning reduces the effort of designing a feature extractor for each problem than the classical machine learning techniques. Beside these characteristics, deep learning typically takes a long time to train an algorithm than a machine learning algorithm, however, the test time is exactly the opposite [ 44 ]. Thus, deep learning relies more on high-performance machines with GPUs than classical machine-learning algorithms [ 44 , 156 ]. The most popular deep neural network learning models include multi-layer perceptron (MLP) [ 157 ], convolutional neural network (CNN) [ 158 ], recurrent neural network (RNN) or long-short term memory (LSTM) network [ 121 , 158 ]. In recent days, researchers use these deep learning techniques for different purposes such as detecting network intrusions, malware traffic detection and classification, etc. in the domain of cybersecurity [ 44 , 159 ].

Other learning techniques

Semi-supervised learning can be described as a hybridization of supervised and unsupervised techniques discussed above, as it works on both the labeled and unlabeled data. In the area of cybersecurity, it could be useful, when it requires to label data automatically without human intervention, to improve the performance of cybersecurity models. Reinforcement techniques are another type of machine learning that characterizes an agent by creating its own learning experiences through interacting directly with the environment, i.e., environment-driven approach, where the environment is typically formulated as a Markov decision process and take decision based on a reward function [ 160 ]. Monte Carlo learning, Q-learning, Deep Q Networks, are the most common reinforcement learning algorithms [ 161 ]. For instance, in a recent work [ 126 ], the authors present an approach for detecting botnet traffic or malicious cyber activities using reinforcement learning combining with neural network classifier. In another work [ 128 ], the authors discuss about the application of deep reinforcement learning to intrusion detection for supervised problems, where they received the best results for the Deep Q-Network algorithm. In the context of cybersecurity, genetic algorithms that use fitness, selection, crossover, and mutation for finding optimization, could also be used to solve a similar class of learning problems [ 119 ].

Various types of machine learning techniques discussed above can be useful in the domain of cybersecurity, to build an effective security model. In Table  4 , we have summarized several machine learning techniques that are used to build various types of security models for various purposes. Although these models typically represent a learning-based security model, in this paper, we aim to focus on a comprehensive cybersecurity data science model and relevant issues, in order to build a data-driven intelligent security system. In the next section, we highlight several research issues and potential solutions in the area of cybersecurity data science.

Research issues and future directions

Our study opens several research issues and challenges in the area of cybersecurity data science to extract insight from relevant data towards data-driven intelligent decision making for cybersecurity solutions. In the following, we summarize these challenges ranging from data collection to decision making.

Cybersecurity datasets : Source datasets are the primary component to work in the area of cybersecurity data science. Most of the existing datasets are old and might insufficient in terms of understanding the recent behavioral patterns of various cyber-attacks. Although the data can be transformed into a meaningful understanding level after performing several processing tasks, there is still a lack of understanding of the characteristics of recent attacks and their patterns of happening. Thus, further processing or machine learning algorithms may provide a low accuracy rate for making the target decisions. Therefore, establishing a large number of recent datasets for a particular problem domain like cyber risk prediction or intrusion detection is needed, which could be one of the major challenges in cybersecurity data science.

Handling quality problems in cybersecurity datasets : The cyber datasets might be noisy, incomplete, insignificant, imbalanced, or may contain inconsistency instances related to a particular security incident. Such problems in a data set may affect the quality of the learning process and degrade the performance of the machine learning-based models [ 162 ]. To make a data-driven intelligent decision for cybersecurity solutions, such problems in data is needed to deal effectively before building the cyber models. Therefore, understanding such problems in cyber data and effectively handling such problems using existing algorithms or newly proposed algorithm for a particular problem domain like malware analysis or intrusion detection and prevention is needed, which could be another research issue in cybersecurity data science.

Security policy rule generation : Security policy rules reference security zones and enable a user to allow, restrict, and track traffic on the network based on the corresponding user or user group, and service, or the application. The policy rules including the general and more specific rules are compared against the incoming traffic in sequence during the execution, and the rule that matches the traffic is applied. The policy rules used in most of the cybersecurity systems are static and generated by human expertise or ontology-based [ 163 , 164 ]. Although, association rule learning techniques produce rules from data, however, there is a problem of redundancy generation [ 153 ] that makes the policy rule-set complex. Therefore, understanding such problems in policy rule generation and effectively handling such problems using existing algorithms or newly proposed algorithm for a particular problem domain like access control [ 165 ] is needed, which could be another research issue in cybersecurity data science.

Hybrid learning method : Most commercial products in the cybersecurity domain contain signature-based intrusion detection techniques [ 41 ]. However, missing features or insufficient profiling can cause these techniques to miss unknown attacks. In that case, anomaly-based detection techniques or hybrid technique combining signature-based and anomaly-based can be used to overcome such issues. A hybrid technique combining multiple learning techniques or a combination of deep learning and machine-learning methods can be used to extract the target insight for a particular problem domain like intrusion detection, malware analysis, access control, etc. and make the intelligent decision for corresponding cybersecurity solutions.

Protecting the valuable security information : Another issue of a cyber data attack is the loss of extremely valuable data and information, which could be damaging for an organization. With the use of encryption or highly complex signatures, one can stop others from probing into a dataset. In such cases, cybersecurity data science can be used to build a data-driven impenetrable protocol to protect such security information. To achieve this goal, cyber analysts can develop algorithms by analyzing the history of cyberattacks to detect the most frequently targeted chunks of data. Thus, understanding such data protecting problems and designing corresponding algorithms to effectively handling these problems, could be another research issue in the area of cybersecurity data science.

Context-awareness in cybersecurity : Existing cybersecurity work mainly originates from the relevant cyber data containing several low-level features. When data mining and machine learning techniques are applied to such datasets, a related pattern can be identified that describes it properly. However, a broader contextual information [ 140 , 145 , 166 ] like temporal, spatial, relationship among events or connections, dependency can be used to decide whether there exists a suspicious activity or not. For instance, some approaches may consider individual connections as DoS attacks, while security experts might not treat them as malicious by themselves. Thus, a significant limitation of existing cybersecurity work is the lack of using the contextual information for predicting risks or attacks. Therefore, context-aware adaptive cybersecurity solutions could be another research issue in cybersecurity data science.

Feature engineering in cybersecurity : The efficiency and effectiveness of a machine learning-based security model has always been a major challenge due to the high volume of network data with a large number of traffic features. The large dimensionality of data has been addressed using several techniques such as principal component analysis (PCA) [ 167 ], singular value decomposition (SVD) [ 168 ] etc. In addition to low-level features in the datasets, the contextual relationships between suspicious activities might be relevant. Such contextual data can be stored in an ontology or taxonomy for further processing. Thus how to effectively select the optimal features or extract the significant features considering both the low-level features as well as the contextual features, for effective cybersecurity solutions could be another research issue in cybersecurity data science.

Remarkable security alert generation and prioritizing : In many cases, the cybersecurity system may not be well defined and may cause a substantial number of false alarms that are unexpected in an intelligent system. For instance, an IDS deployed in a real-world network generates around nine million alerts per day [ 169 ]. A network-based intrusion detection system typically looks at the incoming traffic for matching the associated patterns to detect risks, threats or vulnerabilities and generate security alerts. However, to respond to each such alert might not be effective as it consumes relatively huge amounts of time and resources, and consequently may result in a self-inflicted DoS. To overcome this problem, a high-level management is required that correlate the security alerts considering the current context and their logical relationship including their prioritization before reporting them to users, which could be another research issue in cybersecurity data science.

Recency analysis in cybersecurity solutions : Machine learning-based security models typically use a large amount of static data to generate data-driven decisions. Anomaly detection systems rely on constructing such a model considering normal behavior and anomaly, according to their patterns. However, normal behavior in a large and dynamic security system is not well defined and it may change over time, which can be considered as an incremental growing of dataset. The patterns in incremental datasets might be changed in several cases. This often results in a substantial number of false alarms known as false positives. Thus, a recent malicious behavioral pattern is more likely to be interesting and significant than older ones for predicting unknown attacks. Therefore, effectively using the concept of recency analysis [ 170 ] in cybersecurity solutions could be another issue in cybersecurity data science.

The most important work for an intelligent cybersecurity system is to develop an effective framework that supports data-driven decision making. In such a framework, we need to consider advanced data analysis based on machine learning techniques, so that the framework is capable to minimize these issues and to provide automated and intelligent security services. Thus, a well-designed security framework for cybersecurity data and the experimental evaluation is a very important direction and a big challenge as well. In the next section, we suggest and discuss a data-driven cybersecurity framework based on machine learning techniques considering multiple processing layers.

A multi-layered framework for smart cybersecurity services

As discussed earlier, cybersecurity data science is data-focused, applies machine learning methods, attempts to quantify cyber risks, promotes inferential techniques to analyze behavioral patterns, focuses on generating security response alerts, and eventually seeks for optimizing cybersecurity operations. Hence, we briefly discuss a multiple data processing layered framework that potentially can be used to discover security insights from the raw data to build smart cybersecurity systems, e.g., dynamic policy rule-based access control or intrusion detection and prevention system. To make a data-driven intelligent decision in the resultant cybersecurity system, understanding the security problems and the nature of corresponding security data and their vast analysis is needed. For this purpose, our suggested framework not only considers the machine learning techniques to build the security model but also takes into account the incremental learning and dynamism to keep the model up-to-date and corresponding response generation, which could be more effective and intelligent for providing the expected services. Figure 3 shows an overview of the framework, involving several processing layers, from raw security event data to services. In the following, we briefly discuss the working procedure of the framework.

A generic multi-layered framework based on machine learning techniques for smart cybersecurity services

Security data collecting

Collecting valuable cybersecurity data is a crucial step, which forms a connecting link between security problems in cyberinfrastructure and corresponding data-driven solution steps in this framework, shown in Fig.  3 . The reason is that cyber data can serve as the source for setting up ground truth of the security model that affect the model performance. The quality and quantity of cyber data decide the feasibility and effectiveness of solving the security problem according to our goal. Thus, the concern is how to collect valuable and unique needs data for building the data-driven security models.

The general step to collect and manage security data from diverse data sources is based on a particular security problem and project within the enterprise. Data sources can be classified into several broad categories such as network, host, and hybrid [ 171 ]. Within the network infrastructure, the security system can leverage different types of security data such as IDS logs, firewall logs, network traffic data, packet data, and honeypot data, etc. for providing the target security services. For instance, a given IP is considered malicious or not, could be detected by performing data analysis utilizing the data of IP addresses and their cyber activities. In the domain of cybersecurity, the network source mentioned above is considered as the primary security event source to analyze. In the host category, it collects data from an organization’s host machines, where the data sources can be operating system logs, database access logs, web server logs, email logs, application logs, etc. Collecting data from both the network and host machines are considered a hybrid category. Overall, in a data collection layer the network activity, database activity, application activity, and user activity can be the possible security event sources in the context of cybersecurity data science.

Security data preparing

After collecting the raw security data from various sources according to the problem domain discussed above, this layer is responsible to prepare the raw data for building the model by applying various necessary processes. However, not all of the collected data contributes to the model building process in the domain of cybersecurity [ 172 ]. Therefore, the useless data should be removed from the rest of the data captured by the network sniffer. Moreover, data might be noisy, have missing or corrupted values, or have attributes of widely varying types and scales. High quality of data is necessary for achieving higher accuracy in a data-driven model, which is a process of learning a function that maps an input to an output based on example input-output pairs. Thus, it might require a procedure for data cleaning, handling missing or corrupted values. Moreover, security data features or attributes can be in different types, such as continuous, discrete, or symbolic [ 106 ]. Beyond a solid understanding of these types of data and attributes and their permissible operations, its need to preprocess the data and attributes to convert into the target type. Besides, the raw data can be in different types such as structured, semi-structured, or unstructured, etc. Thus, normalization, transformation, or collation can be useful to organize the data in a structured manner. In some cases, natural language processing techniques might be useful depending on data type and characteristics, e.g., textual contents. As both the quality and quantity of data decide the feasibility of solving the security problem, effectively pre-processing and management of data and their representation can play a significant role to build an effective security model for intelligent services.

Machine learning-based security modeling

This is the core step where insights and knowledge are extracted from data through the application of cybersecurity data science. In this section, we particularly focus on machine learning-based modeling as machine learning techniques can significantly change the cybersecurity landscape. The security features or attributes and their patterns in data are of high interest to be discovered and analyzed to extract security insights. To achieve the goal, a deeper understanding of data and machine learning-based analytical models utilizing a large number of cybersecurity data can be effective. Thus, various machine learning tasks can be involved in this model building layer according to the solution perspective. These are - security feature engineering that mainly responsible to transform raw security data into informative features that effectively represent the underlying security problem to the data-driven models. Thus, several data-processing tasks such as feature transformation and normalization, feature selection by taking into account a subset of available security features according to their correlations or importance in modeling, or feature generation and extraction by creating new brand principal components, may be involved in this module according to the security data characteristics. For instance, the chi-squared test, analysis of variance test, correlation coefficient analysis, feature importance, as well as discriminant and principal component analysis, or singular value decomposition, etc. can be used for analyzing the significance of the security features to perform the security feature engineering tasks [ 82 ].

Another significant module is security data clustering that uncovers hidden patterns and structures through huge volumes of security data, to identify where the new threats exist. It typically involves the grouping of security data with similar characteristics, which can be used to solve several cybersecurity problems such as detecting anomalies, policy violations, etc. Malicious behavior or anomaly detection module is typically responsible to identify a deviation to a known behavior, where clustering-based analysis and techniques can also be used to detect malicious behavior or anomaly detection. In the cybersecurity area, attack classification or prediction is treated as one of the most significant modules, which is responsible to build a prediction model to classify attacks or threats and to predict future for a particular security problem. To predict denial-of-service attack or a spam filter separating tasks from other messages, could be the relevant examples. Association learning or policy rule generation module can play a role to build an expert security system that comprises several IF-THEN rules that define attacks. Thus, in a problem of policy rule generation for rule-based access control system, association learning can be used as it discovers the associations or relationships among a set of available security features in a given security dataset. The popular machine learning algorithms in these categories are briefly discussed in “  Machine learning tasks in cybersecurity ” section. The module model selection or customization is responsible to choose whether it uses the existing machine learning model or needed to customize. Analyzing data and building models based on traditional machine learning or deep learning methods, could achieve acceptable results in certain cases in the domain of cybersecurity. However, in terms of effectiveness and efficiency or other performance measurements considering time complexity, generalization capacity, and most importantly the impact of the algorithm on the detection rate of a system, machine learning models are needed to customize for a specific security problem. Moreover, customizing the related techniques and data could improve the performance of the resultant security model and make it better applicable in a cybersecurity domain. The modules discussed above can work separately and combinedly depending on the target security problems.

Incremental learning and dynamism

In our framework, this layer is concerned with finalizing the resultant security model by incorporating additional intelligence according to the needs. This could be possible by further processing in several modules. For instance, the post-processing and improvement module in this layer could play a role to simplify the extracted knowledge according to the particular requirements by incorporating domain-specific knowledge. As the attack classification or prediction models based on machine learning techniques strongly rely on the training data, it can hardly be generalized to other datasets, which could be significant for some applications. To address such kind of limitations, this module is responsible to utilize the domain knowledge in the form of taxonomy or ontology to improve attack correlation in cybersecurity applications.

Another significant module recency mining and updating security model is responsible to keep the security model up-to-date for better performance by extracting the latest data-driven security patterns. The extracted knowledge discussed in the earlier layer is based on a static initial dataset considering the overall patterns in the datasets. However, such knowledge might not be guaranteed higher performance in several cases, because of incremental security data with recent patterns. In many cases, such incremental data may contain different patterns which could conflict with existing knowledge. Thus, the concept of RecencyMiner [ 170 ] on incremental security data and extracting new patterns can be more effective than the existing old patterns. The reason is that recent security patterns and rules are more likely to be significant than older ones for predicting cyber risks or attacks. Rather than processing the whole security data again, recency-based dynamic updating according to the new patterns would be more efficient in terms of processing and outcome. This could make the resultant cybersecurity model intelligent and dynamic. Finally, response planning and decision making module is responsible to make decisions based on the extracted insights and take necessary actions to prevent the system from the cyber-attacks to provide automated and intelligent services. The services might be different depending on particular requirements for a given security problem.

Overall, this framework is a generic description which potentially can be used to discover useful insights from security data, to build smart cybersecurity systems, to address complex security challenges, such as intrusion detection, access control management, detecting anomalies and fraud, or denial of service attacks, etc. in the area of cybersecurity data science.

Although several research efforts have been directed towards cybersecurity solutions, discussed in “ Background ” , “ Cybersecurity data science ”, and “ Machine learning tasks in cybersecurity ” sections in different directions, this paper presents a comprehensive view of cybersecurity data science. For this, we have conducted a literature review to understand cybersecurity data, various defense strategies including intrusion detection techniques, different types of machine learning techniques in cybersecurity tasks. Based on our discussion on existing work, several research issues related to security datasets, data quality problems, policy rule generation, learning methods, data protection, feature engineering, security alert generation, recency analysis etc. are identified that require further research attention in the domain of cybersecurity data science.

The scope of cybersecurity data science is broad. Several data-driven tasks such as intrusion detection and prevention, access control management, security policy generation, anomaly detection, spam filtering, fraud detection and prevention, various types of malware attack detection and defense strategies, etc. can be considered as the scope of cybersecurity data science. Such tasks based categorization could be helpful for security professionals including the researchers and practitioners who are interested in the domain-specific aspects of security systems [ 171 ]. The output of cybersecurity data science can be used in many application areas such as Internet of things (IoT) security [ 173 ], network security [ 174 ], cloud security [ 175 ], mobile and web applications [ 26 ], and other relevant cyber areas. Moreover, intelligent cybersecurity solutions are important for the banking industry, the healthcare sector, or the public sector, where data breaches typically occur [ 36 , 176 ]. Besides, the data-driven security solutions could also be effective in AI-based blockchain technology, where AI works with huge volumes of security event data to extract the useful insights using machine learning techniques, and block-chain as a trusted platform to store such data [ 177 ].

Although in this paper, we discuss cybersecurity data science focusing on examining raw security data to data-driven decision making for intelligent security solutions, it could also be related to big data analytics in terms of data processing and decision making. Big data deals with data sets that are too large or complex having characteristics of high data volume, velocity, and variety. Big data analytics mainly has two parts consisting of data management involving data storage, and analytics [ 178 ]. The analytics typically describe the process of analyzing such datasets to discover patterns, unknown correlations, rules, and other useful insights [ 179 ]. Thus, several advanced data analysis techniques such as AI, data mining, machine learning could play an important role in processing big data by converting big problems to small problems [ 180 ]. To do this, the potential strategies like parallelization, divide-and-conquer, incremental learning, sampling, granular computing, feature or instance selection, can be used to make better decisions, reducing costs, or enabling more efficient processing. In such cases, the concept of cybersecurity data science, particularly machine learning-based modeling could be helpful for process automation and decision making for intelligent security solutions. Moreover, researchers could consider modified algorithms or models for handing big data on parallel computing platforms like Hadoop, Storm, etc. [ 181 ].

Based on the concept of cybersecurity data science discussed in the paper, building a data-driven security model for a particular security problem and relevant empirical evaluation to measure the effectiveness and efficiency of the model, and to asses the usability in the real-world application domain could be a future work.

Motivated by the growing significance of cybersecurity and data science, and machine learning technologies, in this paper, we have discussed how cybersecurity data science applies to data-driven intelligent decision making in smart cybersecurity systems and services. We also have discussed how it can impact security data, both in terms of extracting insight of security incidents and the dataset itself. We aimed to work on cybersecurity data science by discussing the state of the art concerning security incidents data and corresponding security services. We also discussed how machine learning techniques can impact in the domain of cybersecurity, and examine the security challenges that remain. In terms of existing research, much focus has been provided on traditional security solutions, with less available work in machine learning technique based security systems. For each common technique, we have discussed relevant security research. The purpose of this article is to share an overview of the conceptualization, understanding, modeling, and thinking about cybersecurity data science.

We have further identified and discussed various key issues in security analysis to showcase the signpost of future research directions in the domain of cybersecurity data science. Based on the knowledge, we have also provided a generic multi-layered framework of cybersecurity data science model based on machine learning techniques, where the data is being gathered from diverse sources, and the analytics complement the latest data-driven patterns for providing intelligent security services. The framework consists of several main phases - security data collecting, data preparation, machine learning-based security modeling, and incremental learning and dynamism for smart cybersecurity systems and services. We specifically focused on extracting insights from security data, from setting a research design with particular attention to concepts for data-driven intelligent security solutions.

Overall, this paper aimed not only to discuss cybersecurity data science and relevant methods but also to discuss the applicability towards data-driven intelligent decision making in cybersecurity systems and services from machine learning perspectives. Our analysis and discussion can have several implications both for security researchers and practitioners. For researchers, we have highlighted several issues and directions for future research. Other areas for potential research include empirical evaluation of the suggested data-driven model, and comparative analysis with other security systems. For practitioners, the multi-layered machine learning-based model can be used as a reference in designing intelligent cybersecurity systems for organizations. We believe that our study on cybersecurity data science opens a promising path and can be used as a reference guide for both academia and industry for future research and applications in the area of cybersecurity.

Availability of data and materials

Not applicable.

Abbreviations

• Machine learning

Artificial Intelligence

Information and communication technology

Internet of Things

Distributed Denial of Service

Intrusion detection system

Intrusion prevention system

Host-based intrusion detection systems

Network Intrusion Detection Systems

Signature-based intrusion detection system

Anomaly-based intrusion detection system

Li S, Da Xu L, Zhao S. The internet of things: a survey. Inform Syst Front. 2015;17(2):243–59.

Google Scholar  

Sun N, Zhang J, Rimba P, Gao S, Zhang LY, Xiang Y. Data-driven cybersecurity incident prediction: a survey. IEEE Commun Surv Tutor. 2018;21(2):1744–72.

McIntosh T, Jang-Jaccard J, Watters P, Susnjak T. The inadequacy of entropy-based ransomware detection. In: International conference on neural information processing. New York: Springer; 2019. p. 181–189

Alazab M, Venkatraman S, Watters P, Alazab M, et al. Zero-day malware detection based on supervised learning algorithms of api call signatures (2010)

Shaw A. Data breach: from notification to prevention using pci dss. Colum Soc Probs. 2009;43:517.

Gupta BB, Tewari A, Jain AK, Agrawal DP. Fighting against phishing attacks: state of the art and future challenges. Neural Comput Appl. 2017;28(12):3629–54.

Av-test institute, germany, https://www.av-test.org/en/statistics/malware/ . Accessed 20 Oct 2019.

Ibm security report, https://www.ibm.com/security/data-breach . Accessed on 20 Oct 2019.

Fischer EA. Cybersecurity issues and challenges: In brief. Congressional Research Service (2014)

Juniper research. https://www.juniperresearch.com/ . Accessed on 20 Oct 2019.

Papastergiou S, Mouratidis H, Kalogeraki E-M. Cyber security incident handling, warning and response system for the european critical information infrastructures (cybersane). In: International Conference on Engineering Applications of Neural Networks, p. 476–487 (2019). New York: Springer

Aftergood S. Cybersecurity: the cold war online. Nature. 2017;547(7661):30.

Hey AJ, Tansley S, Tolle KM, et al. The fourth paradigm: data-intensive scientific discovery. 2009;1:

Cukier K. Data, data everywhere: A special report on managing information, 2010.

Google trends. In: https://trends.google.com/trends/ , 2019.

Anwar S, Mohamad Zain J, Zolkipli MF, Inayat Z, Khan S, Anthony B, Chang V. From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions. Algorithms. 2017;10(2):39.

MATH   Google Scholar  

Mohammadi S, Mirvaziri H, Ghazizadeh-Ahsaee M, Karimipour H. Cyber intrusion detection by combined feature selection algorithm. J Inform Sec Appl. 2019;44:80–8.

Tapiador JE, Orfila A, Ribagorda A, Ramos B. Key-recovery attacks on kids, a keyed anomaly detection system. IEEE Trans Depend Sec Comput. 2013;12(3):312–25.

Tavallaee M, Stakhanova N, Ghorbani AA. Toward credible evaluation of anomaly-based intrusion-detection methods. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews) 40(5), 516–524 (2010)

Foroughi F, Luksch P. Data science methodology for cybersecurity projects. arXiv preprint arXiv:1803.04219 , 2018.

Saxe J, Sanders H. Malware data science: Attack detection and attribution, 2018.

Rainie L, Anderson J, Connolly J. Cyber attacks likely to increase. Digital Life in. 2014, vol. 2025.

Fischer EA. Creating a national framework for cybersecurity: an analysis of issues and options. LIBRARY OF CONGRESS WASHINGTON DC CONGRESSIONAL RESEARCH SERVICE, 2005.

Craigen D, Diakun-Thibault N, Purse R. Defining cybersecurity. Technology Innovation. Manag Rev. 2014;4(10):13–21.

Council NR. et al. Toward a safer and more secure cyberspace, 2007.

Jang-Jaccard J, Nepal S. A survey of emerging threats in cybersecurity. J Comput Syst Sci. 2014;80(5):973–93.

MathSciNet   MATH   Google Scholar  

Mukkamala S, Sung A, Abraham A. Cyber security challenges: Designing efficient intrusion detection systems and antivirus tools. Vemuri, V. Rao, Enhancing Computer Security with Smart Technology.(Auerbach, 2006), 125–163, 2005.

Bilge L, Dumitraş T. Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM; 2012. p. 833–44.

Davi L, Dmitrienko A, Sadeghi A-R, Winandy M. Privilege escalation attacks on android. In: International conference on information security. New York: Springer; 2010. p. 346–60.

Jovičić B, Simić D. Common web application attack types and security using asp .net. ComSIS, 2006.

Warkentin M, Willison R. Behavioral and policy issues in information systems security: the insider threat. Eur J Inform Syst. 2009;18(2):101–5.

Kügler D. “man in the middle” attacks on bluetooth. In: International Conference on Financial Cryptography. New York: Springer; 2003, p. 149–61.

Virvilis N, Gritzalis D. The big four-what we did wrong in advanced persistent threat detection. In: 2013 International Conference on Availability, Reliability and Security. IEEE; 2013. p. 248–54.

Boyd SW, Keromytis AD. Sqlrand: Preventing sql injection attacks. In: International conference on applied cryptography and network security. New York: Springer; 2004. p. 292–302.

Sigler K. Crypto-jacking: how cyber-criminals are exploiting the crypto-currency boom. Comput Fraud Sec. 2018;2018(9):12–4.

2019 data breach investigations report, https://enterprise.verizon.com/resources/reports/dbir/ . Accessed 20 Oct 2019.

Khraisat A, Gondal I, Vamplew P, Kamruzzaman J. Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity. 2019;2(1):20.

Johnson L. Computer incident response and forensics team management: conducting a successful incident response, 2013.

Brahmi I, Brahmi H, Yahia SB. A multi-agents intrusion detection system using ontology and clustering techniques. In: IFIP international conference on computer science and its applications. New York: Springer; 2015. p. 381–93.

Qu X, Yang L, Guo K, Ma L, Sun M, Ke M, Li M. A survey on the development of self-organizing maps for unsupervised intrusion detection. In: Mobile networks and applications. 2019;1–22.

Liao H-J, Lin C-HR, Lin Y-C, Tung K-Y. Intrusion detection system: a comprehensive review. J Netw Comput Appl. 2013;36(1):16–24.

Alazab A, Hobbs M, Abawajy J, Alazab M. Using feature selection for intrusion detection system. In: 2012 International symposium on communications and information technologies (ISCIT). IEEE; 2012. p. 296–301.

Viegas E, Santin AO, Franca A, Jasinski R, Pedroni VA, Oliveira LS. Towards an energy-efficient anomaly-based intrusion detection engine for embedded systems. IEEE Trans Comput. 2016;66(1):163–77.

Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H, Wang C. Machine learning and deep learning methods for cybersecurity. IEEE Access. 2018;6:35365–81.

Dutt I, Borah S, Maitra IK, Bhowmik K, Maity A, Das S. Real-time hybrid intrusion detection system using machine learning techniques. 2018, p. 885–94.

Ragsdale DJ, Carver C, Humphries JW, Pooch UW. Adaptation techniques for intrusion detection and intrusion response systems. In: Smc 2000 conference proceedings. 2000 IEEE international conference on systems, man and cybernetics.’cybernetics evolving to systems, humans, organizations, and their complex interactions’(cat. No. 0). IEEE; 2000. vol. 4, p. 2344–2349.

Cao L. Data science: challenges and directions. Commun ACM. 2017;60(8):59–68.

Rizk A, Elragal A. Data science: developing theoretical contributions in information systems via text analytics. J Big Data. 2020;7(1):1–26.

Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall KR, McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham RK, et al. Evaluating intrusion detection systems: The 1998 darpa off-line intrusion detection evaluation. In: Proceedings DARPA information survivability conference and exposition. DISCEX’00. IEEE; 2000. vol. 2, p. 12–26.

Kdd cup 99. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html . Accessed 20 Oct 2019.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA. A detailed analysis of the kdd cup 99 data set. In: 2009 IEEE symposium on computational intelligence for security and defense applications. IEEE; 2009. p. 1–6.

Caida ddos attack 2007 dataset. http://www.caida.org/data/ passive/ddos-20070804-dataset.xml/ . Accessed 20 Oct 2019.

Caida anonymized internet traces 2008 dataset. https://www.caida.org/data/passive/passive-2008-dataset . Accessed 20 Oct 2019.

Isot botnet dataset. https://www.uvic.ca/engineering/ece/isot/ datasets/index.php/ . Accessed 20 Oct 2019.

The honeynet project. http://www.honeynet.org/chapters/france/ . Accessed 20 Oct 2019.

Canadian institute of cybersecurity, university of new brunswick, iscx dataset, http://www.unb.ca/cic/datasets/index.html/ . Accessed 20 Oct 2019.

Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur. 2012;31(3):357–74.

The ctu-13 dataset. https://stratosphereips.org/category/datasets-ctu13 . Accessed 20 Oct 2019.

Moustafa N, Slay J. Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS). IEEE; 2015. p. 1–6.

Cse-cic-ids2018 [online]. available: https://www.unb.ca/cic/ datasets/ids-2018.html/ . Accessed 20 Oct 2019.

Cic-ddos2019 [online]. available: https://www.unb.ca/cic/datasets/ddos-2019.html/ . Accessed 28 Mar 2019.

Jing X, Yan Z, Jiang X, Pedrycz W. Network traffic fusion and analysis against ddos flooding attacks with a novel reversible sketch. Inform Fusion. 2019;51:100–13.

Xie M, Hu J, Yu X, Chang E. Evaluating host-based anomaly detection systems: application of the frequency-based algorithms to adfa-ld. In: International conference on network and system security. New York: Springer; 2015. p. 542–49.

Lindauer B, Glasser J, Rosen M, Wallnau KC, ExactData L. Generating test data for insider threat detectors. JoWUA. 2014;5(2):80–94.

Glasser J, Lindauer B. Bridging the gap: A pragmatic approach to generating insider threat data. In: 2013 IEEE Security and Privacy Workshops. IEEE; 2013. p. 98–104.

Enronspam. https://labs-repos.iit.demokritos.gr/skel/i-config/downloads/enron-spam/ . Accessed 20 Oct 2019.

Spamassassin. http://www.spamassassin.org/publiccorpus/ . Accessed 20 Oct 2019.

Lingspam. https://labs-repos.iit.demokritos.gr/skel/i-config/downloads/lingspampublic.tar.gz/ . Accessed 20 Oct 2019.

Alexa top sites. https://aws.amazon.com/alexa-top-sites/ . Accessed 20 Oct 2019.

Bambenek consulting—master feeds. available online: http://osint.bambenekconsulting.com/feeds/ . Accessed 20 Oct 2019.

Dgarchive. https://dgarchive.caad.fkie.fraunhofer.de/site/ . Accessed 20 Oct 2019.

Zago M, Pérez MG, Pérez GM. Umudga: A dataset for profiling algorithmically generated domain names in botnet detection. Data in Brief. 2020;105400.

Zhou Y, Jiang X. Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on security and privacy. IEEE; 2012. p. 95–109.

Virusshare. http://virusshare.com/ . Accessed 20 Oct 2019.

Virustotal. https://virustotal.com/ . Accessed 20 Oct 2019.

Comodo. https://www.comodo.com/home/internet-security/updates/vdp/database . Accessed 20 Oct 2019.

Contagio. http://contagiodump.blogspot.com/ . Accessed 20 Oct 2019.

Kumar R, Xiaosong Z, Khan RU, Kumar J, Ahad I. Effective and explainable detection of android malware based on machine learning algorithms. In: Proceedings of the 2018 international conference on computing and artificial intelligence. ACM; 2018. p. 35–40.

Microsoft malware classification (big 2015). arXiv:org/abs/1802.10135/ . Accessed 20 Oct 2019.

Koroniotis N, Moustafa N, Sitnikova E, Turnbull B. Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: bot-iot dataset. Future Gen Comput Syst. 2019;100:779–96.

McIntosh TR, Jang-Jaccard J, Watters PA. Large scale behavioral analysis of ransomware attacks. In: International conference on neural information processing. New York: Springer; 2018. p. 217–29.

Han J, Pei J, Kamber M. Data mining: concepts and techniques, 2011.

Witten IH, Frank E. Data mining: Practical machine learning tools and techniques, 2005.

Dua S, Du X. Data mining and machine learning in cybersecurity, 2016.

Kotpalliwar MV, Wajgi R. Classification of attacks using support vector machine (svm) on kddcup’99 ids database. In: 2015 Fifth international conference on communication systems and network technologies. IEEE; 2015. p. 987–90.

Pervez MS, Farid DM. Feature selection and intrusion classification in nsl-kdd cup 99 dataset employing svms. In: The 8th international conference on software, knowledge, information management and applications (SKIMA 2014). IEEE; 2014. p. 1–6.

Yan M, Liu Z. A new method of transductive svm-based network intrusion detection. In: International conference on computer and computing technologies in agriculture. New York: Springer; 2010. p. 87–95.

Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K. An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst Appl. 2012;39(1):424–30.

Raman MG, Somu N, Jagarapu S, Manghnani T, Selvam T, Krithivasan K, Sriram VS. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review. 2019, p. 1–32.

Kokila R, Selvi ST, Govindarajan K. Ddos detection and analysis in sdn-based environment using support vector machine classifier. In: 2014 Sixth international conference on advanced computing (ICoAC). IEEE; 2014. p. 205–10.

Xie M, Hu J, Slay J. Evaluating host-based anomaly detection systems: Application of the one-class svm algorithm to adfa-ld. In: 2014 11th international conference on fuzzy systems and knowledge discovery (FSKD). IEEE; 2014. p. 978–82.

Saxena H, Richariya V. Intrusion detection in kdd99 dataset using svm-pso and feature reduction with information gain. Int J Comput Appl. 2014;98:6.

Chandrasekhar A, Raghuveer K. Confederation of fcm clustering, ann and svm techniques to implement hybrid nids using corrected kdd cup 99 dataset. In: 2014 international conference on communication and signal processing. IEEE; 2014. p. 672–76.

Shapoorifard H, Shamsinejad P. Intrusion detection using a novel hybrid method incorporating an improved knn. Int J Comput Appl. 2017;173(1):5–9.

Vishwakarma S, Sharma V, Tiwari A. An intrusion detection system using knn-aco algorithm. Int J Comput Appl. 2017;171(10):18–23.

Meng W, Li W, Kwok L-F. Design of intelligent knn-based alarm filter using knowledge-based alert verification in intrusion detection. Secur Commun Netw. 2015;8(18):3883–95.

Dada E. A hybridized svm-knn-pdapso approach to intrusion detection system. In: Proc. Fac. Seminar Ser., 2017, p. 14–21.

Sharifi AM, Amirgholipour SK, Pourebrahimi A. Intrusion detection based on joint of k-means and knn. J Converg Inform Technol. 2015;10(5):42.

Lin W-C, Ke S-W, Tsai C-F. Cann: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl Based Syst. 2015;78:13–21.

Koc L, Mazzuchi TA, Sarkani S. A network intrusion detection system based on a hidden naïve bayes multiclass classifier. Exp Syst Appl. 2012;39(18):13492–500.

Moon D, Im H, Kim I, Park JH. Dtb-ids: an intrusion detection system based on decision tree using behavior analysis for preventing apt attacks. J Supercomput. 2017;73(7):2881–95.

Ingre, B., Yadav, A., Soni, A.K.: Decision tree based intrusion detection system for nsl-kdd dataset. In: International conference on information and communication technology for intelligent systems. New York: Springer; 2017. p. 207–18.

Malik AJ, Khan FA. A hybrid technique using binary particle swarm optimization and decision tree pruning for network intrusion detection. Cluster Comput. 2018;21(1):667–80.

Relan NG, Patil DR. Implementation of network intrusion detection system using variant of decision tree algorithm. In: 2015 international conference on nascent technologies in the engineering field (ICNTE). IEEE; 2015. p. 1–5.

Rai K, Devi MS, Guleria A. Decision tree based algorithm for intrusion detection. Int J Adv Netw Appl. 2016;7(4):2828.

Sarker IH, Abushark YB, Alsolami F, Khan AI. Intrudtree: a machine learning based cyber security intrusion detection model. Symmetry. 2020;12(5):754.

Puthran S, Shah K. Intrusion detection using improved decision tree algorithm with binary and quad split. In: International symposium on security in computing and communication. New York: Springer; 2016. p. 427–438.

Balogun AO, Jimoh RG. Anomaly intrusion detection using an hybrid of decision tree and k-nearest neighbor, 2015.

Azad C, Jha VK. Genetic algorithm to solve the problem of small disjunct in the decision tree based intrusion detection system. Int J Comput Netw Inform Secur. 2015;7(8):56.

Jo S, Sung H, Ahn B. A comparative study on the performance of intrusion detection using decision tree and artificial neural network models. J Korea Soc Dig Indus Inform Manag. 2015;11(4):33–45.

Zhan J, Zulkernine M, Haque A. Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern C. 2008;38(5):649–59.

Tajbakhsh A, Rahmati M, Mirzaei A. Intrusion detection using fuzzy association rules. Appl Soft Comput. 2009;9(2):462–9.

Mitchell R, Chen R. Behavior rule specification-based intrusion detection for safety critical medical cyber physical systems. IEEE Trans Depend Secure Comput. 2014;12(1):16–30.

Alazab M, Venkataraman S, Watters P. Towards understanding malware behaviour by the extraction of api calls. In: 2010 second cybercrime and trustworthy computing Workshop. IEEE; 2010. p. 52–59.

Yuan Y, Kaklamanos G, Hogrefe D. A novel semi-supervised adaboost technique for network anomaly detection. In: Proceedings of the 19th ACM international conference on modeling, analysis and simulation of wireless and mobile systems. ACM; 2016. p. 111–14.

Ariu D, Tronci R, Giacinto G. Hmmpayl: an intrusion detection system based on hidden markov models. Comput Secur. 2011;30(4):221–41.

Årnes A, Valeur F, Vigna G, Kemmerer RA. Using hidden markov models to evaluate the risks of intrusions. In: International workshop on recent advances in intrusion detection. New York: Springer; 2006. p. 145–64.

Hansen JV, Lowry PB, Meservy RD, McDonald DM. Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection. Decis Supp Syst. 2007;43(4):1362–74.

Aslahi-Shahri B, Rahmani R, Chizari M, Maralani A, Eslami M, Golkar MJ, Ebrahimi A. A hybrid method consisting of ga and svm for intrusion detection system. Neural Comput Appl. 2016;27(6):1669–76.

Alrawashdeh K, Purdy C. Toward an online anomaly intrusion detection system based on deep learning. In: 2016 15th IEEE international conference on machine learning and applications (ICMLA). IEEE; 2016. p. 195–200.

Yin C, Zhu Y, Fei J, He X. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access. 2017;5:21954–61.

Kim J, Kim J, Thu HLT, Kim H. Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 international conference on platform technology and service (PlatCon). IEEE; 2016. p. 1–5.

Almiani M, AbuGhazleh A, Al-Rahayfeh A, Atiewi S, Razaque A. Deep recurrent neural network for iot intrusion detection system. Simulation Modelling Practice and Theory. 2019;102031.

Kolosnjaji B, Zarras A, Webster G, Eckert C. Deep learning for classification of malware system call sequences. In: Australasian joint conference on artificial intelligence. New York: Springer; 2016. p. 137–49.

Wang W, Zhu M, Zeng X, Ye X, Sheng Y. Malware traffic classification using convolutional neural network for representation learning. In: 2017 international conference on information networking (ICOIN). IEEE; 2017. p. 712–17.

Alauthman M, Aslam N, Al-kasassbeh M, Khan S, Al-Qerem A, Choo K-KR. An efficient reinforcement learning-based botnet detection approach. J Netw Comput Appl. 2020;150:102479.

Blanco R, Cilla JJ, Briongos S, Malagón P, Moya JM. Applying cost-sensitive classifiers with reinforcement learning to ids. In: International conference on intelligent data engineering and automated learning. New York: Springer; 2018. p. 531–38.

Lopez-Martin M, Carro B, Sanchez-Esguevillas A. Application of deep reinforcement learning to intrusion detection for supervised problems. Exp Syst Appl. 2020;141:112963.

Sarker IH, Kayes A, Watters P. Effectiveness analysis of machine learning classification models for predicting personalized context-aware smartphone usage. J Big Data. 2019;6(1):1–28.

Holte RC. Very simple classification rules perform well on most commonly used datasets. Mach Learn. 1993;11(1):63–90.

John GH, Langley P. Estimating continuous distributions in bayesian classifiers. In: Proceedings of the eleventh conference on uncertainty in artificial intelligence. Morgan Kaufmann Publishers Inc.; 1995. p. 338–45.

Quinlan JR. C4.5: Programs for machine learning. Machine Learning, 1993.

Sarker IH, Colman A, Han J, Khan AI, Abushark YB, Salah K. Behavdt: a behavioral decision tree learning to build user-centric context-aware predictive model. Mobile Networks and Applications. 2019, p. 1–11.

Aha DW, Kibler D, Albert MK. Instance-based learning algorithms. Mach Learn. 1991;6(1):37–66.

Keerthi SS, Shevade SK, Bhattacharyya C, Murthy KRK. Improvements to platt’s smo algorithm for svm classifier design. Neural Comput. 2001;13(3):637–49.

Freund Y, Schapire RE, et al: Experiments with a new boosting algorithm. In: Icml, vol. 96, p. 148–156 (1996). Citeseer

Le Cessie S, Van Houwelingen JC. Ridge estimators in logistic regression. J Royal Stat Soc C. 1992;41(1):191–201.

Watters PA, McCombie S, Layton R, Pieprzyk J. Characterising and predicting cyber attacks using the cyber attacker model profile (camp). J Money Launder Control. 2012.

Breiman L. Random forests. Mach Learn. 2001;45(1):5–32.

Sarker IH. Context-aware rule learning from smartphone data: survey, challenges and future directions. J Big Data. 2019;6(1):95.

MacQueen J. Some methods for classification and analysis of multivariate observations. In: Fifth Berkeley symposium on mathematical statistics and probability, vol. 1, 1967.

Rokach L. A survey of clustering algorithms. In: Data Mining and Knowledge Discovery Handbook. New York: Springer; 2010. p. 269–98.

Sneath PH. The application of computers to taxonomy. J Gen Microbiol. 1957;17:1.

Sorensen T. method of establishing groups of equal amplitude in plant sociology based on similarity of species. Biol Skr. 1948;5.

Sarker IH, Colman A, Kabir MA, Han J. Individualized time-series segmentation for mining mobile phone user behavior. Comput J. 2018;61(3):349–68.

Kim G, Lee S, Kim S. A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Exp Syst Appl. 2014;41(4):1690–700.

MathSciNet   Google Scholar  

Agrawal R, Imieliński T, Swami A. Mining association rules between sets of items in large databases. In: ACM SIGMOD Record. ACM; 1993. vol. 22, p. 207–16.

Flach PA, Lachiche N. Confirmation-guided discovery of first-order rules with tertius. Mach Learn. 2001;42(1–2):61–95.

Agrawal R, Srikant R, et al: Fast algorithms for mining association rules. In: Proc. 20th Int. Conf. Very Large Data Bases, VLDB, 1994, vol. 1215, p. 487–99.

Houtsma M, Swami A. Set-oriented mining for association rules in relational databases. In: Proceedings of the eleventh international conference on data engineering. IEEE; 1995. p. 25–33.

Ma BLWHY. Integrating classification and association rule mining. In: Proceedings of the fourth international conference on knowledge discovery and data mining, 1998.

Han J, Pei J, Yin Y. Mining frequent patterns without candidate generation. In: ACM Sigmod Record. ACM; 2000. vol. 29, p. 1–12.

Sarker IH, Salim FD. Mining user behavioral rules from smartphone data through association analysis. In: Proceedings of the 22nd Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), Melbourne, Australia. New York: Springer; 2018. p. 450–61.

Das A, Ng W-K, Woon Y-K. Rapid association rule mining. In: Proceedings of the tenth international conference on information and knowledge management. ACM; 2001. p. 474–81.

Zaki MJ. Scalable algorithms for association mining. IEEE Trans Knowl Data Eng. 2000;12(3):372–90.

Coelho IM, Coelho VN, Luz EJS, Ochi LS, Guimarães FG, Rios E. A gpu deep learning metaheuristic based model for time series forecasting. Appl Energy. 2017;201:412–8.

Van Efferen L, Ali-Eldin AM. A multi-layer perceptron approach for flow-based anomaly detection. In: 2017 International symposium on networks, computers and communications (ISNCC). IEEE; 2017. p. 1–6.

Liu H, Lang B, Liu M, Yan H. Cnn and rnn based payload classification methods for attack detection. Knowl Based Syst. 2019;163:332–41.

Berman DS, Buczak AL, Chavis JS, Corbett CL. A survey of deep learning methods for cyber security. Information. 2019;10(4):122.

Bellman R. A markovian decision process. J Math Mech. 1957;1:679–84.

Kaelbling LP, Littman ML, Moore AW. Reinforcement learning: a survey. J Artif Intell Res. 1996;4:237–85.

Sarker IH. A machine learning based robust prediction model for real-life mobile phone data. Internet of Things. 2019;5:180–93.

Kayes ASM, Han J, Colman A. OntCAAC: an ontology-based approach to context-aware access control for software services. Comput J. 2015;58(11):3000–34.

Kayes ASM, Rahayu W, Dillon T. An ontology-based approach to dynamic contextual role for pervasive access control. In: AINA 2018. IEEE Computer Society, 2018.

Colombo P, Ferrari E. Access control technologies for big data management systems: literature review and future trends. Cybersecurity. 2019;2(1):1–13.

Aleroud A, Karabatis G. Contextual information fusion for intrusion detection: a survey and taxonomy. Knowl Inform Syst. 2017;52(3):563–619.

Sarker IH, Abushark YB, Khan AI. Contextpca: Predicting context-aware smartphone apps usage based on machine learning techniques. Symmetry. 2020;12(4):499.

Madsen RE, Hansen LK, Winther O. Singular value decomposition and principal component analysis. Neural Netw. 2004;1:1–5.

Qiao L-B, Zhang B-F, Lai Z-Q, Su J-S. Mining of attack models in ids alerts from network backbone by a two-stage clustering method. In: 2012 IEEE 26th international parallel and distributed processing symposium workshops & Phd Forum. IEEE; 2012. p. 1263–9.

Sarker IH, Colman A, Han J. Recencyminer: mining recency-based personalized behavior from contextual smartphone data. J Big Data. 2019;6(1):49.

Ullah F, Babar MA. Architectural tactics for big data cybersecurity analytics systems: a review. J Syst Softw. 2019;151:81–118.

Zhao S, Leftwich K, Owens M, Magrone F, Schonemann J, Anderson B, Medhi D. I-can-mama: Integrated campus network monitoring and management. In: 2014 IEEE network operations and management symposium (NOMS). IEEE; 2014. p. 1–7.

Abomhara M, et al. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J Cyber Secur Mob. 2015;4(1):65–88.

Helali RGM. Data mining based network intrusion detection system: A survey. In: Novel algorithms and techniques in telecommunications and networking. New York: Springer; 2010. p. 501–505.

Ryoo J, Rizvi S, Aiken W, Kissell J. Cloud security auditing: challenges and emerging approaches. IEEE Secur Priv. 2013;12(6):68–74.

Densham B. Three cyber-security strategies to mitigate the impact of a data breach. Netw Secur. 2015;2015(1):5–8.

Salah K, Rehman MHU, Nizamuddin N, Al-Fuqaha A. Blockchain for ai: review and open research challenges. IEEE Access. 2019;7:10127–49.

Gandomi A, Haider M. Beyond the hype: big data concepts, methods, and analytics. Int J Inform Manag. 2015;35(2):137–44.

Golchha N. Big data-the information revolution. Int J Adv Res. 2015;1(12):791–4.

Hariri RH, Fredericks EM, Bowers KM. Uncertainty in big data analytics: survey, opportunities, and challenges. J Big Data. 2019;6(1):44.

Tsai C-W, Lai C-F, Chao H-C, Vasilakos AV. Big data analytics: a survey. J Big data. 2015;2(1):21.

Download references

Acknowledgements

The authors would like to thank all the reviewers for their rigorous review and comments in several revision rounds. The reviews are detailed and helpful to improve and finalize the manuscript. The authors are highly grateful to them.

Author information

Authors and affiliations.

Swinburne University of Technology, Melbourne, VIC, 3122, Australia

Iqbal H. Sarker

Chittagong University of Engineering and Technology, Chittagong, 4349, Bangladesh

La Trobe University, Melbourne, VIC, 3086, Australia

A. S. M. Kayes, Paul Watters & Alex Ng

University of Nevada, Reno, USA

Shahriar Badsha

Macquarie University, Sydney, NSW, 2109, Australia

Hamed Alqahtani

You can also search for this author in PubMed   Google Scholar

Contributions

This article provides not only a discussion on cybersecurity data science and relevant methods but also to discuss the applicability towards data-driven intelligent decision making in cybersecurity systems and services. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Iqbal H. Sarker .

Ethics declarations

Competing interests.

The authors declare that they have no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Sarker, I.H., Kayes, A.S.M., Badsha, S. et al. Cybersecurity data science: an overview from machine learning perspective. J Big Data 7 , 41 (2020). https://doi.org/10.1186/s40537-020-00318-5

Download citation

Received : 26 October 2019

Accepted : 21 June 2020

Published : 01 July 2020

DOI : https://doi.org/10.1186/s40537-020-00318-5

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Decision making
• Cyber-attack
• Security modeling
• Intrusion detection
• Cyber threat intelligence

• Open access
• Published: 05 January 2022

A decade of research on patterns and architectures for IoT security

• Tanusan Rajmohan 1 ,
• Phu H. Nguyen   ORCID: orcid.org/0000-0003-1773-8581 2 &
• Nicolas Ferry 3  

Cybersecurity volume  5 , Article number:  2 ( 2022 ) Cite this article

11k Accesses

10 Citations

Metrics details

Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-independent time-proven security knowledge and expertise. How are they useful for developing secure IoT-based smart systems? Are there architectures that support IoT security? We aim to systematically review the research work published on patterns and architectures for IoT security (and privacy). Then, we want to provide an analysis on that research landscape to answer our research questions. We follow the well-known guidelines for conducting systematic literature reviews. From thousands of candidate papers initially found in our search process, we have systematically distinguished and analyzed thirty-six (36) papers that have been peer-reviewed and published around patterns and architectures for IoT security and privacy in the last decade (January 2010–December 2020). Our analysis shows that there is a rise in the number of publications tending to patterns and architectures for IoT security in the last three years. We have not seen any approach of applying systematically architectures and patterns together that can address security (and privacy) concerns not only at the architectural level, but also at the network or IoT devices level. We also explored how the research contributions in the primary studies handle the different issues from the OWASP Internet of Things (IoT) top ten vulnerabilities list. Finally, we discuss the current gaps in this research area and how to fill in the gaps for promoting the utilization of patterns for IoT security and privacy by design.

Introduction

The Internet of Things (IoT) is becoming more popular as many “things” are getting more intelligent and connected, e.g., smartphones, smart cars, smart energy grids, smart cities. The IEEE Standards Association defines an IoT system as “a system of entities (including cyber-physical devices, information resources, and people) that exchange information and interact with the physical world by sensing, processing information, and actuating” (IEEE SA 2018 ). In 2019, the International Data Corporation (IDC) made a forecast that there will be 41.6 billion IoT devices in the field by 2025. Footnote 1 Most of the critical infrastructures pointed in the EU’s Directive on security of network and information systems Footnote 2 such as for energy, water, transport, and healthcare are or will be IoT-based. For instance, smart cities are integrating IoT sensors with analytic to streamline spending, improve infrastructural efficiency. Footnote 3 Internet-connected pacemakers have been implanted for millions to help control their abnormal heart rhythms. The IoT will thus play a key role in the digitalization of the society and IoT security issues will “affect not only bits and bytes”, but also “flesh and blood” (Schneier 2017 ). Without solid security in place, attacks and malfunctions in IoT-based critical infrastructures may outweigh any of its benefits (Roman et al. 2011 ). On the other hand, privacy is also very important in the IoT. Many “things” that people use in daily activities at work and at home are now connected to the Internet. This means that sensitive private data can be exposed via the Internet. Privacy challenges are just as important to tackle in comparison to security challenges in the IoT. The heterogeneous networking technologies and resource-constrained devices of the IoT that can only afford lightweight security and privacy solutions are proven to be weak links for IoT systems (Porambage et al. 2016 ). It is also possible that security and privacy are often overlooked by IoT solutions providers (Richa 2021 ), e.g., because of complexity, time-to-market pressure, or due to a lack of knowledge. A way to address this issue could be based on security patterns, which have proven to be very valuable for practitioners, especially non-security experts (Schumacher et al. 2013 ; Fernandez-Buglioni 2013 ).

In the software engineering discipline, patterns document well-known solutions that contain domain-independent knowledge and expertise in a reusable way. The solutions documented by patterns are known to be sound because they are tested over time (Schmidt and Buschmann 2003 ). Moreover, the pros and cons of a pattern are often explicitly documented. Therefore, sketching a solution based on a pattern can provide a good baseline for building the system. Using patterns and architecture alone is not enough but can provide an important support in the development methods for secure systems such as the ones surveyed in Nguyen et al. ( 2015 ). Security patterns consist of domain-independent, time-proven security knowledge, and expertise. Security patterns can contribute to the security and privacy of systems because they offer invaluable help in applying solid design solutions that, for example, secure the user authentication, information processing and storing, secure communication with other devices and with the server. Books and catalogs of security patterns, such as Schumacher et al. ( 2013 ), Fernandez-Buglioni ( 2013 ), Nguyen et al. ( 2015 ) and Steel and Nagappan ( 2006 ) should be useful for users to unravel security challenges by utilizing time-proven security knowledge and expertise.

However, the IoT era introduces new security challenges that existing approaches and methods cannot address. Footnote 4 For example, the cross-domain cyber-to-physical (C2P) attack is the least understood one comparing to P2C, C2C, or P2P attack categories (Yampolskiy et al. 2013 ). IoT systems, especially mission-critical ones, having intrinsic complexity and heterogeneity, broader attack surfaces, often live under uncertainty, which exacerbates security issues (Ciccozzi et al. 2017 ). Indeed, nowadays IoT systems often span across the Cloud layer, the Fog/Edge layer, and the IoT field-devices layer consisting of many smart, connected devices. The explosion in connectivity created a larger attack surface area (Covington and Carskadden 2013 ). Besides, the IoT field-devices often operate under dynamic (physical) execution environments, involving dynamic actuation, but have limited data delivery and storage facilities. In other words, uncertainty is inherent in IoT systems. We are very much interested in examining the landscape of patterns and architectures being applied for the IoT domain, whose security (and privacy) challenges are huge. How have the existing security patterns been applied in tackling IoT security challenges? Are there any new security patterns that have been specifically introduced to address new security challenges in IoT?

To make sense of the research landscape of methodologies around patterns for security and privacy in IoT, we have conducted a systematic literature review (SLR) following the most popular guidelines from Kitchenham et al. ( 2011 ), Kitchenham and Charters ( 2007 ), Petersen et al. ( 2015 ) and Wohlin ( 2014 ). Our SLR has three fundamental objectives. First, we need to find out the approaches around patterns and architectures for IoT security and privacy, called the primary studies of our SLR. Second, by analyzing the primary studies, we can perceive gaps in the state-of-the-art of patterns and architectures for IoT security and privacy. We are particularly interested in how advanced patterns and architectures are, and their approaches to address IoT security. Third, based on the results, we identify the gaps to support security and privacy in modern IoT systems and propose further research to fill the gaps. The main contributions of this work are our responses to the accompanying research questions (RQ)s.

RQ1 What are the publication statistics of the research on patterns and architectures for IoT security and privacy?

RQ2 What are the technical details of these security patterns and architectures for addressing IoT security and privacy?

RQ3 What are the “gaps” to make security patterns and architectures more applicable for IoT?

From thousands of candidate papers initially found in our search process, we have systematically distinguished and analyzed 36 papers that have been published around patterns and architectures for IoT security in the last decade. Our analysis results show the trend of an increasing number of published papers in this research area in three recent years. We have performed our analysis based on a taxonomy that we built for this research area. Our analysis sheds some light on the state of the art around patterns and architectures for IoT security and the current limitations. Based on our analysis, we provides some suggestions for a way forward of this research topic. Specifically, the contributions in this paper include:

We have an exhaustive database search process. Moreover, we manually conducted snowballing (backward and forward as suggested in Wohlin 2014 ). We identified and included six new primary studies from this snowballing process. Therefore, our final set of primary studies reported in this paper is 36 (see “ Our systematic literature review approach ” section).

We have defined a clear taxonomy (see “ Taxonomy of the research area ” section) and provided in-depth analyses on the architectures and patterns from the primary studies (see “ Technical aspects of the primary studies (RQ2) ” section). For example, we summarize all the patterns from the primary studies and also discuss how the architectures from the primary studies cover the seven layers of the IoT World Forum Reference Model of the IoT architecture (Juxtology 2018 ).

We have provided discussion on the existing gaps and limitations in “ Gaps and limitations (RQ3) ” section. For example, we discuss the gaps in the research contributions from the primary studies regarding how they handle the different issues presented by the OWASP IoT top ten vulnerabilities list (OWASP 2018 ). Last but not least, we explicitly discuss the possible threats to validity of our study in “ Threats to validity ” section to give readers more insights in this work.

In the remainder of this paper: “ Background ” section gives some background definitions. In “ Our systematic literature review approach ” section, we present our SLR approach. To facilitate data extraction and comparison, “ Taxonomy of the research area ” section describes our classification schemes for the primary studies. We present the results of our SLR in “ Results ” section. Related work is discussed in “ Related work ” section. In “ Threats to validity ” section, we analyze possible threats to the validity of this work. Finally, we conclude the paper with summarizing the main findings in “ Conclusions ” section.

We give the definitions of SLR in the “ Systematic literature review ” section, (security) design patterns in the “ Design pattern ” section, and security architecture in the “ Security architecture ” section that were used to define the scope of this work.

Systematic literature review

A SLR is a study that “reviews all the primary studies relating to a specific research question”, and “uses a well-defined methodology to identify, analyze and interpret all available evidence related to that specific research question in a way that is unbiased and (to a degree) repeatable.” (Kitchenham et al. 2011 )

Design pattern

The primary understanding for a design pattern is that it is a reusable solution for a typical occurring issue in software design. A pattern is ordinarily abstract with the goal that it may be reused, and it is a proven solution for solving a software design problem. A design pattern is not a complete implementation that can be executed and utilized, but more a plan or template for how to take care of an issue that can serve in various circumstances/contexts (Gamma et al. 1994 ; Fernandez-Buglioni 2013 ).

According to Schumacher et al. ( 2013 ), “a security pattern describes a particular recurring security problem that arises in specific contexts, and presents a well-proven generic solution for it. The solution consists of a set of interacting roles that can be arranged into multiple concrete design structures, as well as a process to create one particular such structure.”

Note that there are key security patterns such as from Schumacher et al. ( 2013 ), Fernandez-Buglioni ( 2013 ) and Steel and Nagappan ( 2006 ) that provide guidance at the architecture level. These patterns may also be called security architectures but yet they are design patterns and should be considered as patterns. In other words, we clearly call architectural patterns as patterns, not architectures. This definition means that we only consider an architecture as a pattern if it is explicitly described as a pattern. Any architecture for IoT security that is not a pattern is called “security architecture” in this paper.

Security architecture

The term sofware architecture typically refers to the structure of a software system, including software elements and the relationships between them. Within our SLR, we want to include architectures for IoT security or architectures that were specifically designed with IoT security concerns in mind. When architectures are not formalized as a pattern, we call them IoT security architectures, as opposed to architectural patterns. When a security architecture is generic enough to be used in different contexts, it is called an IoT security reference architecture. It is worth discussing the relationship between IoT security reference architectures and IoT security patterns: (1) IoT security patterns can be extracted from an IoT security reference architecture, and (2) an IoT security reference architecture can leverage and be composed of one or several patterns, including IoT security patterns. By analyzing not only security patterns but also security architectures, our study aims to cover security aspects encompassing not only only one layer of IoT systems but also multiple layers when architectures are key to address.

Our systematic literature review approach

We conducted our SLR using the most popular guidelines from Kitchenham et al. ( 2011 ), Kitchenham and Charters ( 2007 ), Petersen et al. ( 2015 ) and Wohlin ( 2014 ). Three main phases of an SLR are: Planning the Review, Conducting the Review, Reporting the Review (see Fig. 1 ) (Kitchenham and Charters 2007 ).

The process of planning, conducting, and reporting a SLR (Kitchenham and Charters 2007 )

We map the stages associated with planning our SLR with where we present them in this paper:

Identification of the need for a review: In the “ Introduction ” section, we have presented the motivation of our SLR.

Specifying the research question(s): the “ Research questions ” section.

Developing a review protocol: Our review protocol is developed according to the guidelines in Kitchenham and Charters ( 2007 ). The main parts of our review protocol are the research questions (“ Research questions ” section), the inclusion and exclusion criteria (“ Inclusion and exclusion criteria ” section), the search and selection strategy (“ Search and selection strategy ” section), and the taxonomy for data extraction and synthesis (“ Taxonomy of the research area ” section).

The stages associated with conducting our SLR:

Identification of research: Search and selection strategy (“ Search and selection strategy ” section).

Selection of primary studies: Search and selection strategy (“ Search and selection strategy ” section).

Study quality assessment: We only selected peer-reviewed papers with enough details as the primary studies of this SLR (“ Inclusion and exclusion criteria ” section).

Data extraction and monitoring: We extracted data based on the taxonomy defined in “ Taxonomy of the research area ” section.

Data synthesis: We synthesized the extracted data to answer our research questions in “ Results ” section.

The stages associated with reporting our SLR:

Specifying dissemination mechanisms: We specified the journal to publish the results of our SLR.

Formatting the main report: This paper.

With the particular context and motivation displayed in “ Introduction ” section, we introduce our RQs for this paper in “ Research questions ” section. In “ Inclusion and exclusion criteria ” section, we explain the criteria for choosing primary studies to explicitly portray the scope of our SLR and diminish possible bias in our selection procedure. “ Search and selection strategy ” section shows our search strategy to locate the primary studies for answering the RQs.

Research questions

This SLR aims to answer the three RQs presented in “ Introduction ” section. Each is extended with sub-questions.

RQ1 includes three sub-RQs. RQ1.1 In which year(s) are the primary studies published? Answering this question allows us to know when this research topic became fascinating as well as how recent the research on this topic is. It could give an indicator of how much attention security patterns and secure architectures for IoT get from the research community. RQ1.2 — What are the types (i.e., Journal, Conference, Workshop) and target domains (e.g., IoT, Network, Cloud and Software Engineering (SE)) of the venues where the primary studies were published? Answering this question allows us to recognize the target domain for each paper. Note that security patterns are presented in publications across a few related research areas, e.g., IoT, Cloud, SE, Network. The type of paper can give a few hints on the maturity of the primary study. Journal papers should report more mature studies than conference papers. RQ1.3 — How is the distribution of publications in terms of papers affiliated with industry and the academic? We classify a paper as academic if all the associated authors are with a university or a research institute. Moreover, we group papers as industrial if all related authors are with an industrial organization, and characterize the papers as both if there is a coordinated effort of both academia and industry. Answering RQ1.3 will display the collaboration effort between industry and scholar communities. It also demonstrates the interest and needs of IoT security patterns in the industry.

RQ2 has three sub-RQs. RQ2.1 — What type (e.g., security pattern, architecture) of contribution do the primary studies create or use, and how the distribution is between them? Answering RQ2.1 shows how the distribution of patterns and architectures are, as well as how the contribution is used or for what purpose. RQ2.2 — How well do the patterns and architectures cover security and privacy issues? Answering this RQ shows what security patterns and architectures focus on IoT systems’ specific security and privacy concerns. It also shows us what current security and privacy concerns are most covered today. RQ2.3 — What application domains have been addressed by the security patterns and architectures? This RQ can help us to see what application domains have got more attention in the application of security patterns and architectures.

RQ3 also has two sub-RQs. RQ3.1 — What are the current limitations of the IoT security patterns and architectures research? RQ3.2 — What research directions could be recommended for tackling the current limitations? These RQs help to express and suggest the current issues and possible directions for future work.

Inclusion and exclusion criteria

Considering the RQs and the basis of our study introduced in “ Introduction ” section, we predefined the inclusion and exclusion criteria to decrease bias in our methodology of search and selection of primary studies. The primary studies must meet ALL the accompanying inclusion criteria (IC):

(IC1) Contain patterns or architectures (one or more) in some form relevant for IoT systems.

(IC2) Be specifically within the area of IoT, either in a generally applicable domain or in a specific application domain of IoT.

(IC3) Present security (or privacy) concerns explicitly in system design, architecture, or infrastructure.

(IC4) Have a minimum length of four pages in double-column format or six pages in single-column format.

Moreover, when a single approach is presented in more than one paper describing different parts of the approach (e.g., approach itself, empirical study, evaluation), we include all these papers, but still consider them as a single approach (study). When encountering more than one paper describing the same or similar approaches, which were published in different venues, we only include the most recent one that has the most complete description of the approach.

We excluded papers that are not written in English, non-peer-reviewed papers (e.g., “grey” literature, white papers in industry), and papers that are only accessible as extended abstracts, posters, or presentations (not full version). We also did not include multivocal surveys as primary studies because they are secondary studies. We do discuss the surveys on related topics as related work in “ Related work ” section. We also mainly focused our review for the publications in the duration 2010–2020 (see “ Search and selection strategy ” section).

Search and selection strategy

The search strategy utilized is a blend of various kinds, to thoroughly scan for IoT security pattern and architecture papers. The objective is to locate the most relevant papers and, along these lines, discover as many essential IoT security pattern and architecture papers as possible.

Database search

Using online inquiry components of popular publication databases is the most notable approach to scan for essential primary studies when directing supplemental studies (Kitchenham and Charters 2007 ). We used five of the popular publication databases IEEE Xplore, Footnote 5 ACM Digital Library, Footnote 6 ScienceDirect, Footnote 7 Web of Knowledge (ISI), Footnote 8 and Scopus Footnote 9 to search for potential primary studies. Scopus and ACM DL already index SpringerLink Footnote 10 (Tran et al. 2017 ). The five picked databases contain peer-reviewed articles, which give advanced search capacities. Following the guidelines from Kitchenham and Charters ( 2007 ), based on the research questions and keywords utilized in some related articles, we have defined our search keywords. The search query was adopted to fit each of the search engines of the five publication databases. Note that we did not include “misuse pattern” in the search query because misuse patterns (from the point of view of the attacker) are out of scope of this study.

( “Internet of Things” OR “IoT” OR “Cyber Physical Systems” OR “Web of Things” )

( “Security Pattern” OR “Design Pattern” OR “Security Design Pattern” OR “Privacy Pattern” OR “Security Architecture” OR “Secure Architecture” )

During our database search process, we did conduct many rounds of testing the search query on the search engines. On the one hand, this testing process helped us to improve our search query and customize it for better fit the search features. On the other hand, we also saw very few hits returned by the search engines for the duration 2000–2010. Therefore, we mainly focused our review for the publications in the duration 2010–2020.

For every candidate paper, we originally reviewed the paper’s title and abstract, trailed by skimming through the contents. On the off chance that an applicant paper shows up in more than one database, we show them in the other database results. When merging to the first set of primary studies, we consolidate the outcomes, so we get the right number of papers without copies. It is portrayed step by step in Fig.  2 .

Overview of the search and selection steps

Manual search

It is unrealistic to guarantee the database search results can cover all IoT security patterns and architectures in our study. We have, therefore, attempted to supplement the database search by doing a manual search. We started by manually searching through published papers from previous journals and conferences. The conferences and journals we went through to find papers were: The International Conference on the Internet of Things, Footnote 11 Pattern Languages of Programs (PLoP), Footnote 12 EuroPLoP, Footnote 13 IEEE ICIOT, Footnote 14 ACM Transactions on Internet of Things (TIOT) Footnote 15 and IEEE Internet of Things Journal. Footnote 16 We also manually did snowballing (backward and forward) on all the primary studies found as suggested in Wohlin ( 2014 ). In the wake of looking through these journals and conferences as well as doing snowballing, we concluded that most of the relevant papers posted or found from our manual search were earlier discovered from the database search, or they did not satisfy our criteria. The papers from the manual search were checked against the automatic results, and vice versa. In the end, we had found six more primary studies from the manual search process.

Note that any candidate paper in doubt was kept for evaluation and cross-checked among the reviewers at each phase of our search and selection process. Our gathering conversations have finally yielded a set of 36 primary studies for data extraction and synthesis to answer the RQs Footnote 17 .

Taxonomy of the research area

In this section, we define a taxonomy for IoT security patterns and architectures. This taxonomy helps us to extract and synthesize data from the primary studies for answering the RQs. We applied a top-down strategy to process data from the literature around IoT, security patterns, IoT architectures, and design patterns to create a first version of the taxonomy. We also tried to validate and enrich the taxonomy by a bottom-up approach. The bottom-up approach is for extracting data from a test set of primary studies. This test set consists of the initial ten primary studies chosen. It helped us to characterize and determine the significant methods and terminology utilized in the primary studies.

Domain specificity

We characterize the domain specificity in the same manner as (Washizaki et al. 2020 ) with minor tweaks. It is essential to examine the applicability and reusability of each IoT security pattern.

General IoT security design patterns, and security architectures, which apply to any IoT system and software.

Specific IoT security design patterns, and security architectures that address specific problem domains (such as healthcare) and technical domains (such as the brain-computer interaction).

Categorization of security pattern research

We classify security patterns according to the main categories presented in Yskout et al. ( 2006 ). First, we distinguish security patterns based on how they affect the software application or the environment (e.g., infrastructure, middleware) in which the application will eventually be deployed.

Application architecture (AA): A pattern’s introduction can affect an extensive part of the application, e.g., by introducing new components in the application, or modifying existing components.

Application design (AD): A pattern’s introduction only has local implications. For example, a pattern can introduce some form of encapsulation of security data.

System (S)/Execution environment: A pattern’s introduction only affects the environment in which the application will be deployed.

We classify the (security, privacy) objectives of the patterns as presented below in “ Security and privacy concerns ” section. More importantly, we detail the patterns by their main properties from the software design pattern template by the Gang of Four (Gamma et al. 1994 ):

Intent: What (in what context) is the pattern used for? What is the purpose of the pattern?

Problem: What problem that the pattern can address. This may also include the different forces (and context) that lead to the problem.

Solution: A description of the solution provided by the pattern.

We also characterize patterns by purpose , method , and research implementation , which is similar to how Washizaki et al. ( 2018 ) did in their paper.

C1 purpose: This part includes the topics addressed by the research, software life-cycle, and the intended users.

C2 method: This part refers to the methodology and modeling methods to define the pattern’s structure and design.

C3 research implementation/validation: This part includes where, how and if the contributions were implemented and tested/validated, and in which context. It also includes analysis of a test case or scenario. Whether the results are automated and encapsulated in a tool, and whether case studies or experiments are conducted to evaluate the results relevant to the original research purpose.

IoT architecture

Many IoT architecture exist in the literature, all decomposed in a different number of layers. In our taxonomy, we leverage the IoT World Forum Reference Model of the IoT architecture (Juxtology 2018 ). This architecture provides a fine-grained granularity over the different layers that typically compose an IoT system. It has recently been adopted in many large scale IoT systems, for instance, as indicated in Create-IoT ( 2018 ), all of the H2020 IoT large scale pilots at the exception of one, have adopted this architecture. It consists of the following seven layers:

L1 physical devices and controllers: Physical layer consisting of devices or “things” of the IoT. The “things”, sensors, and Edge Node devices are classified within this layer.

L2 connectivity: Connectivity spans from the “middle” of an Edge Node device up through transport to the Cloud. This layer maps data from the logical and physical technologies used, the communication between the physical layer and the computing layer, and above.

L3 edge computing: Layer that brings computation and data storage closer to the location it is needed. Protocol conversion, routing to higher-layer software functions, and even “fast path” logic for low latency decision making will be implemented at this layer.

L4 data accumulation: Intermediate storage of incoming storage and outgoing traffic queued for delivery to lower layers. Pure SQL is what the layer is implemented with, but it may require more advanced solutions, i.e., Hadoop & Hadoop File System, Mongo, Cassandra, Spark, or other NoSQL solutions.

L5 data abstraction: Data is made clear and understandable, centers around rendering data and its storage in manners that enable developing more straightforward, performance-enhanced applications. This layer speeds up high priority traffic or alarms, and sort incoming data from the data lake into the appropriate schema and streams for upstream processing. Likewise, application information bound for downstream layers is reformatted appropriately for device communication and queued for processing.

L6 application layer: At the application layer, information interpretation of multiple IoT sensors or measurements occur, and logic is executed. Monitoring, process optimization, alarm management, statistical analysis, control logic, logistics, consumer patterns, are just a few examples of IoT applications.

L7 collaboration and processes: Application processing to its users, and data processed at lower layers are integrated with business applications. This layer consists of human interaction with all the layers of the IoT system, and economic value is delivered.

Another simpler IoT architecture largely adopted in the literature consists of three layers: perception (L1), network (grouping L2 and L3), and application (grouping L4, L5, L6, L7, and L8). We map how the contributions of today fit in both the IoT World Forum Reference Model of the IoT architecture and the three-layer IoT architecture.

Security and privacy concerns

We analyze the primary studies according to the following security and privacy concerns: confidentiality, integrity, availability (CIA), accountability, and privacy (Ross et al. 2016 ; Kuhn et al. 2001 ; Yskout et al. 2006 ). These concerns are what we consider essential to IoT systems and devices. We also classify security mechanisms such as authentication and authorization when such information are available in the primary studies. We want to see what patterns and architectures uphold and protect against these security and privacy concerns. Their definitions are as follows.

Confidentiality: Ensures the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Integrity: Maintains and ensures the accuracy and completeness of the data during its life-cycle.

Availability: The information/service is available when needed.

Authentication: The system/device can verify a claim of identity.

Authorization: The system can determine what resources the entities that have been identified and authenticated can access and what actions they can perform within/on the system.

Accountability: Enables the tracing of important (or all) actions performed on the system back to a particular user, usually by means of logging.

Privacy: The data collected is legally collected and stored, how data is shared, and follow regulatory restrictions from the GDPR (mostly EU), and HIPAA (Office for Civil Rights 2013 ), GLBA (Federal Trade Commission 1999 ) (mostly in the US).

This section presents the main results of our SLR and how our research questions are answered. Table 1 shows an overview of the primary studies that have been found in this review regarding patterns and architectures for IoT security and privacy. Based on the taxonomy in “ Taxonomy of the research area ” section, we have extracted and synthesized the primary studies’ data to answer the RQs. “ High-level statistics (RQ1) ” section shows high-level statistics that help us to answer RQ1. Then, we present low-level details of the primary studies in “ Technical aspects of the primary studies (RQ2) ” section that help us to answer RQ2. Based on our answers to RQ1 and RQ2, we discuss the gaps and limitations as our answer to RQ3.

High-level statistics (RQ1)

In this section, we provide our answers to the RQ1- What are the publication statistics of the research on patterns and architectures for IoT security and privacy?

Answering RQ1.1 In which year(s) are the primary studies published? Fig.  3 shows a rise in the number of conference (C) and journal (J) publications related to IoT security patterns and architectures in the recent three years (2018: 7C, 2019: 5C, 4J and 2020 Footnote 18 : 5C, 5J). This spike shows that security patterns and architectures are gaining more focus over the years and that there is a demand for IoT security pattern and architecture research.

Publications per year, per venue type

Answering RQ1.2 What are the types (i.e., Journal, Conference, Workshop) and target domains (e.g., IoT, Network, Cloud and Software Engineering (SE)) of the venues where the primary studies were published? Research on the IoT, with its heterogeneous nature, traverses through various important research areas, among which we perceived Software Engineering (SE), Cloud, Blockchain, Network, and recently specialized IoT research (Borgia et al. 2016 ). Figure  4 shows the research focus areas of the publication venues where the primary studies have been published. The main research areas that we found are between IoT: 36, Cloud: 4, Network: 7, Blockchain: 7. Note that publication venues often have several research areas in their calls for papers, e.g., IoT, network. Therefore a portion of the papers could be classified in several research areas at the same time (e.g., IoT, network). These numbers do reflect the different dimensions of IoT research, with IoT research domain getting progressively more visible. In other words, IoT-oriented conferences and journals are becoming more popular and have attracted research contributions on patterns and architectures for IoT security and privacy.

The number of primary studies that are published as conference papers are more than double the number of primary studies published in journals. From the number of publications found, we distinguished the distribution of conference papers ( \(\sim\) 69%) and journal papers ( \(\sim\) 31%). It is reasonable that conference papers tend to be published more often and quickly. But, we also see that the number of journal papers has increased since our last study (Rajmohan et al. 2020 ). We do, however, believe and encourage a continued increase of journal papers around this topic. Especially seeing that the growth of IoT is increasing rapidly and that journal papers contribute to more detailed and elaborated contributions.

Research topics per publication venue

Answering RQ1.3 How is the distribution of publications in terms of papers affiliated with industry and the academic? Because IoT systems and devices are broadly utilized and growing in the industry and consumer market, we explored how the affiliations of the authors are dispersed from the primary studies. Would the affiliations of the authors have any implication on the publication of security patterns and architectures for IoT? From our analysis, we see that a significant amount of the authors who have published results on IoT security patterns or architectures are from academia ( \(\sim\) 75%). While there are no contributions exclusively from industry, authors working in industry do publish in joint efforts with co-authors from academia. In this work, we call the papers that have such joint efforts of academia-industry collaboration as “joint papers”. We discovered some papers of this type ( \(\sim\) 25%). The percentage of joint papers here is not high, but still remarkable compared to less than 10% of joint papers as primary studies reported in another review on security for cyber-physical systems (Nguyen et al. 2017 ).

Joint papers tend to have more usage examples and illustration contrasted with papers purely from academia. We saw in our study that 89% of the joint papers had graphical illustrations of their contribution in terms of architectural structure or pattern usage areas. The number of joint papers among academia and industry shows a promising collaboration level. We trust that this number continues to grow. The collaboration is win-win for the state of the art and practice, which can lead to the utilization of patterns and architectures proposed to improve products, production process, and internal processes that use IoT devices or systems further. We would be intrigued to see more implementations or examples of security patterns or architectures used by industry in the future.

Technical aspects of the primary studies (RQ2)

All the patterns and architectures in Table 1 have been examined according to our taxonomy (“ Taxonomy of the research area ” section), to give us meaningful information as well as pinpoint how the papers are relevant and where they contribute. The taxonomy was used to ensure that the primary studies have information relevant to this study. We can draw out some key examples, such as papers (Vijayakumaran et al. 2020 ; Vithya Vijayalakshmi and Arockiam 2020 ; Jerald et al. 2019 ; Pacheco et al. 2018 ), which are the ones who cover most security concerns (“ Security and privacy concerns ” section). We based on the (more fine-grained) data extracted from the primary studies to answer RQ2 : What are the technical details of these security patterns and architectures for addressing IoT security and privacy?

Answering RQ2.1 What type (e.g., security pattern, architecture) of contribution do the primary studies create or use, and how the distribution is between them? After finalizing the primary studies set, we found that the primary studies’ main contributions are either architectures ( \(\sim\) 81%) or patterns ( \(\sim\) 19%). These contributions are mostly solution proposals, where some have proper testing and validation ( \(\sim\) 57%) of their concept. Other papers have use case examples ( \(\sim\) 23%) in some form, and some papers even have implementations of their concept ( \(\sim\) 20%). As we presented in “ Security architecture ” section, papers describing frameworks are categorized as architectures (not patterns, if patterns are not explicitly mentioned). Therefore, we see a more significant contribution and more focus on architectures compared to patterns.

Claiming security solely based on a good architecture can be inadequate because it is typically not enough for end-to-end IoT security. We have seen other cases where architectures are not enough to solve the specific issues regarding e.g., user verification on the devices, firmware manipulation, and an attacker disconnects the devices upon will. Such issues are hard to handle only with security architecture solutions. The lack of security patterns is a result of its youth within the domain and security not being the main priority when developing IoT systems. Certain areas of an IoT system may need more attention than others regarding security, and architectures may not solve those issues. From our experience and information gathering, we have seen that the architecture solutions for IoT security have focused a lot on the whole system and all its layers (e.g., Cloud, Edge, IoT devices Juxtology 2018 ), more general system issues, and can target specific domains, but are very seldom enough to solve a specific problem. The architectures tend to focus on multiple layers (e.g., Cloud, Edge Juxtology 2018 ) and are harder to address a single layer issue or an issue in a small part of one of the architectural layers, where some specific security patterns may apply well.

As mentioned, a good architecture is only part of the solution and can be inadequate if we encounter specific security issues for a smaller area rather than the whole system, e.g., the breach on a casino’s thermostat in a fish tank to access customer data (Williams-Grut 2018 ). This breach shows the challenge to ensure end-to-end security for IoT systems, especially at their weakest links, e.g., a thermostat. Therefore, it would be exaggerating to tackle security only at the architectural level. A more straightforward solution would have been a security pattern for authentication of users or networks not to allow external communication to pass through IoT devices or verify the device when communication is sent. A more complete solution would be to employ suitable specific security patterns in a well-designed architecture. In other words, a high-level architecture supporting IoT security is only one side of the coin. The other side of the coin is to address specific IoT security challenges at any weak links such as IoT devices where some specific security patterns can help.

Table  2 shows which concerns regarding security and privacy for IoT are addressed by each of the 36 primary studies. When we compare the number of primary studies to the number of candidate papers we first found while doing the automatic search, there is a big difference. This means that security and IoT are popular keywords in many publications but “security patterns” for IoT is not. However, we still believe 36 is a reasonable amount, yet it ought to be higher with the goal that security patterns become increasingly frequent and accessible for industry and users who want to develop secure IoT systems.

Table  2 also shows us the distribution of the specificity of the various contributions. We see that most contributions fall under the “Generic” regarding application domains (“ Domain specificity ” section), which means that a substantial number of papers are adaptable for a widespread of IoT systems. These “Generic” solutions cover the core functionalities of an IoT system, which is why we labeled them “Generic” compared to the domain-specific solutions, which work within a specific domain for a specific purpose (e.g., smart cars, smart meters, and healthcare systems). As we can see, most of the contributions cover authentication, which is a crucial aspect of any system. One may link the amount of authentication coverage to the fact that several smart devices have been hacked due to a lack of authentication (Wright 2020 ). Even though authentication is the most focused concern in the primary studies, more efforts are needed for end-to-end security, including weak links in IoT systems. We would like to see more of such solutions and solutions for IoT pressing problems, e.g., communication, compatibility, integration, and scalability.

Answering RQ2.2 How well do the patterns and architectures cover security and privacy issues?

Table  2 shows a more detailed list of the concerns mentioned previously and what type of application domain the contributions have. We marked the concerns with an “x” if the concern was directly mentioned in the paper. The concern regarding privacy was only marked if it was explicitly mentioned, and not if they handle only the security concerns even they can contribute to privacy coverage.

Figure  5 displays the mapping of our security concerns based on the contribution. We weight how much each (security or privacy) concern was addressed in the primary studies compared to each other. We do so by simply calculating the percentage of how many times a concern was addressed compared to the total number of the times that all concerns were addressed. Note that as shown in Table  2 , most primary studies address more than one concern. As Fig.  5 shows, there is a widespread of focus between the security concerns (Confidentiality \(\sim\) 16%, Integrity \(\sim\) 19%, Availability \(\sim\) 8%, Authentication \(\sim\) 25%, and Authorization \(\sim\) 17%). Privacy ( \(\sim\) 15%) is relatively focused comparing to the security issues in terms of coverage within the primary studies. The low coverage for the availability concern could come from a lack of explicit explanation in the primary studies or availability was not considered in their solutions at all. In the first case, this is comprehensible as availability is a concern whose scope is broader than the only security domain. Indeed, preserving the availability of a system is tightly coupled to the ability of scaling it. Load scalability is the ability of a service to sustain variable workload while fulfilling quality of service (QoS) requirements, possibly by consuming a variable amount of underlying resources (Ferry et al. 2014 ). It is a core concern when engineering and designing complex system, and, as a result, many design patterns, including architectural patterns, have been defined in the literature from other fields (e.g., Big data, Cloud computing, large-scale systems, middleware).

Security concerns based on the contribution

Table  2 can give a closer look on how many contributions of patterns and architectures focusing on the various concerns. For patterns, we see that only two papers out of seven security pattern papers cover the whole CIA (Confidentiality, Integrity, and Availability) triad, while security architecture papers have two out of 29 papers. Availability is the least covered concern in the primary studies. We are unsure if it is because the contributions focus mostly on authentication, but since many of these systems process or share information, we would argue that the basic CIA triad should be focused. Figure 6 illustrates the different security considerations and privacy, and shows which ones are more focused on in the papers found. Authentication is most focused by the primary studies. This point is understandable because authentication is often the foundation for building other security mechanisms such as for authorization, confidentiality, or privacy. But, the low focus on availability is something that should be drawn attention to because availability is crucial in many IoT systems, especially critical ones.

Another thing to notice is that privacy is considered in 18 out of the 36 papers. This number shows that privacy has gained nearly as much attention as security concerns in the primary studies. As mentioned previously, some papers and concerns may contribute indirectly to privacy, e.g., concerns such as authentication and authorization that verify and provide the correct access to users, which can be one way to preserve users’ privacy. But, we only count for privacy if a primary study does mention privacy explicitly.

Architectures and patterns with focus on each security concern

Table  3 shows the IoT security and privacy patterns that are presented in the primary studies. It is worth to note that there is one primary study (Pape and Rannenberg 2019 ) dedicated to IoT privacy patterns. There are seven patterns for IoT privacy presented in Pape and Rannenberg ( 2019 ), which describe different possibilities of privacy violation and the corresponding solutions. We summarize these patterns according to the main elements of security pattern in Table  3 . There is another paper that even presents a misuse pattern (Syed et al. 2018 ). Paper Syed et al. ( 2018 ) shows a misuse pattern for Distributed Denial of Service (DDoS) in IoT. They specify appropriate countermeasures for mitigating it, contributing to a specific problem in many IoT systems. Paper Fysarakis et al. ( 2019 ) discusses a pattern-driven framework solution to encode dependencies between the security concerns mentioned in “ Security and privacy concerns ” section. More specifically, paper Fysarakis et al. ( 2019 ) presents orchestration models required for IoT and IIoT applications to guarantee quality properties including security, privacy. In the same direction but more on the trustfulness, paper Pahl et al. ( 2018 ) proposes an architecture pattern based on blockchain to ensure the identity of hardware devices and software applications, the origin and integrity of data and the contractual nature of orchestration. There is only one paper (Schuß et al. 2018 ) that proposes a pattern at the hardware layer for IoT security. Schuß et al. ( 2018 ) show a pattern to secure the device through hardware, by implementing exchangeable cryptographic co-processors. This paper provides security features that can be implemented to a general IoT system, but it requires changes or additions to the hardware. The hardware-based approach in Schuß et al. ( 2018 ) aims at allowing even constrained devices to utilize state-of-the-art cryptographic functions.

While the papers mentioned so far present IoT-specific patterns, the last two papers (Lee and Law 2017 ; Ur-Rehman and Zivic 2015 ) in Table 3 focus more on how generic security patterns can be applied for IoT. For example, both of them show how the well-known Secure Logger pattern can be used in IoT. Paper Lee and Law ( 2017 ) shows multiple patterns in which they describe and explain some usage areas, but they do not show results in these usage areas. It is more for cataloging purposes including other generic security patterns such as Secure Directory, Secure Adapter Pattern, Exception Manager Pattern, and Input Validation Pattern. Paper Ur-Rehman and Zivic ( 2015 ) presents the patterns that are adopted for smart metering systems. The Secure Remote Readout pattern is presented in details in Ur-Rehman and Zivic ( 2015 ). The other patterns are name checked only such as Secure Logger, Key Manager, Wakeup Service, and Transport Layer Security.

As mentioned in the previous section, patterns target more specific parts of an IoT system, which also makes it easier to implement a pattern for that section of the system. In most cases, architectures are harder to implement/adopt because they propose a solution for multiple parts or the whole system but often lack security details for specific parts. We discuss some representative examples of the papers we found that explicitly address, propose, or use security architectures such as Vithya Vijayalakshmi and Arockiam ( 2020 ), Witti and Konstantas ( 2018 ) and Pacheco et al. ( 2018 ). Paper Vithya Vijayalakshmi and Arockiam ( 2020 ) discusses an architecture that protects the data security at all the layers of data flow, the transmission of data is essential in this contribution. Paper Witti and Konstantas ( 2018 ) shows architectures in use-cases where they apply and discuss how they are used and the results. Paper Witti and Konstantas ( 2018 ) also explains how architecture can help securing a smart city while preserving citizens’ privacy in that city. A good example of security architecture can be found in paper Pacheco et al. ( 2018 ) by Pacheco et al. ( 2018 ), which proposes a security framework for a smart water system. That paper displays security issues at most of the IoT layers and proposes security algorithms for these issues to make developers consider security early rather than an ad-hoc or afterthought manner.

Answering RQ2.3 What application domains have been addressed by the security patterns and architectures? From Table  2 we see that nine primary studies have presented the application of IoT security patterns/architectures for some specific IoT application domains. The specific IoT application domains can help our analysis in the way they elaborate on the issues and how to mitigate them. Explicitly mentioning IoT application domain has the tendency to show that the patterns can be applied in the domain and can address the requirements in this IoT domain. Some patterns could be more important for some specific domains. For example, for smart city applications, patterns for scalability is important. For e-health, patterns for privacy are important. The primary studies that do explicitly present IoT application domains would address more clearly the IoT-specific requirements or challenges. The domain-specific solutions are created for the domains mentioned, but they may still be applicable in other domains. However, these domains usually take the initiative to incorporate IoT, which explains why these areas have specific solutions before others. We also saw that many of these domain-specific studies had graphical figures describing their contribution to show how they work or the different layers of their architectures.

We consider that domain-specific contributions may not necessarily have a more significant impact on IoT security, but it is better portrayed when having a real case scenario or issue. Both the generic and specific domain contributions cover approximately three security concerns per paper, so they both stand approximately equally strong in security concerns coverage. We believe these domain-specific contributions are getting more attention, but it may still not be a better solution than the general solutions that can apply to more systems or handle more generic issues. It is still good to see more security patterns and architectures in real cases to better grasp the contribution and the issues around these domains.

Table  2 can give us some ideas on any difference in terms of addressing security and privacy concerns between the papers by academic authors and the papers authored by both academia and industry. The joint papers on average cover \(\sim 3,2\) concerns per paper, while the “academic-only” papers on average cover \(\sim 3,3\) concerns per paper. We see that both types of paper cover at least over half of our security concerns on average. To better compare the difference between academic-only papers and joint papers in terms of addressing security and privacy concerns, we visualize the number of papers addressing each concern in Fig.  7 . The first glance at Fig.  7 may give us an impression that the papers from academia have a broader coverage than the joint. This impression makes sense because academic-only papers are nearly three times more than joint papers. However, the number of academic-only papers addressing privacy (15) is five times the number of joint papers addressing privacy (three). Would this comparison imply that privacy (compared to other concerns) has gained more focus in academic-only papers than in industry-oriented papers? On the other hand, the number of academic-only papers addressing availability (eight) is four times the number of joint papers addressing availability (two). Would this comparison imply that availability has also gained more focus in academic-only papers than industry-oriented papers? The data that we have so far is not significant to make any strong statement to answer these questions. As previously mentioned, we do, however, want to highlight joint papers as more practical for industry. If we compare the amounts of academic and joint papers, we see that the number of joint papers is still low. We hope the number of joint papers will grow in the years to come with the current trend.

Difference between academic-only and joint papers in terms of security and privacy concerns

In terms of validation, implementation and execution testing, five (Portal et al. 2020 ; Karaarslan et al. 2020 ; Koshy et al. 2020 ; Attia et al. 2019 ; Pacheco et al. 2016 ) out of the nine domain-specific contributions do testing to verify their contribution in some form, while the generic domain contributions have 16 out of 24 papers doing testing, or some form of validation or analysis of a case. These numbers can be found in Table  4 representing “ Categorization of security pattern research ” section and “ IoT architecture ” section and by “testing”, we are referring to item  C3 (research implementation/validation). We also see from this table that there are limited number of papers that discuss their purpose with their contribution. Four papers from the domain-specific category and 12 from the general domain category specified their purpose (item  C1 ). However for describing their work with figures and diagrams we found 30 contributions (10 specific, 20 general) where in average the domain-specific studies have a higher ratio of including figures (item  C2 ).

Table  4 also shows where the primary studies operate in the different layers of the IoT architecture presented in “ IoT architecture ” section. If we look at the numbers from the three-layer IoT architecture point of view, all three layers perception, network, and application have been almost completely covered by the different primary studies. However, the seven-layer IoT World Forum Reference Model of the IoT architecture can offer a closer view. We can see that the studies that explicitly address specific IoT application domains again have a higher average (4,33 layers per contribution) when it comes to layer coverage while general papers display a lower number (2,96 layers per contribution). In total, we see the coverage of 3,3 layers per contribution, which seems a little low considering there are seven layers in the architecture from the World Forum Reference Model (Juxtology 2018 ). In particular, we found that most of the primary studies do not work in all the layers, but rather operate in the Physical Devices and Controller ( L1 ), Connectivity ( L2 ), and Application ( L6 ) layers. There are four layers that have lower coverage in terms of the number of primary studies addressing IoT security challenges in those layers: Edge Computing ( L3 ), and especially, Data Accumulation ( L4 ), Data Abstraction ( L5 ), Collaboration and Processes ( L7 ).

Gaps and limitations (RQ3)

This section gives our answers to the RQ3.1 and RQ3.2 that are supported by the findings presented above. RQ3.1 — What are the current limitations of the IoT security patterns and architectures research? RQ3.2 — What research directions could be recommended for tackling the current limitations? Although there is a spike in the number of primary studies on IoT security patterns and architectures recently as presented in our answer for RQ1.1, our analyses show that IoT security patterns and architectures research is still in its beginning stages. This topic is yet to bloom, both in the industrial and academic universes. There are fundamental gaps and open issues to be handled.

The last decade was only the beginning of research efforts

One of the main limitations is that research on security patterns is still relatively “young” for IoT domain and premature, e.g., in terms of addressing all the different levels of IoT architecture reference model as presented in Table 4 , proper documentation and usage areas, as well as usage examples. Before conducting the review, we expected to see how existing security patterns being applied/adopted for IoT, and even more if new security patterns specific for IoT had emerged. But, based on the results of our review so far, we can say that the last decade has only marked the beginning of the research effort in this direction. The lack of evaluation in use cases or application in case studies as presented in our answer for RQ2.3 is one of the indicators of the premature work in most of the primary studies. Most of the contributions in the primary studies would only be ranked at the low levels (less than level five) in terms of the technology readiness levels (TRL). Footnote 19 We believe that (empirical) evaluations on the application of security patterns in IoT can make a substantial positive impact if more contributed to this research area. Empirical studies can provide more insights for any potential adopters of patterns to create more secure systems, or at least find a proven solution for a common problem.

Security patterns have proven to be very valuable for practitioners, especially non-security experts to adopt and build secure (IT) systems (Schumacher et al. 2013 ; Fernandez-Buglioni 2013 ). We would expect a similar impact of using security patterns in building secure IoT systems. Security patterns can help to mitigate the lack of knowledge from developers without security expertise, who are often under time-to-market pressure and as a result may contribute to more breaches and malicious usage, leading to more catastrophic incidents. Because, security patterns consist of domain-independent time-proven security knowledge, and expertise, they should be helpful, especially for addressing such limitations early in the development of IoT systems. We believe that security patterns can continue to be very valuable for practitioners, especially non-security experts, in building secure IoT systems. It would be even more so with a systematic understanding of different security patterns for addressing the heterogeneity of the IoT domain that our study could be a starting point for more comprehensive IoT domains. In other words, new research efforts could aim at building a catalog of security (and privacy) patterns more specifically and systematically for IoT.

The lack of addressing IoT-specific security and privacy challenges

Compatibility and complexity issues in IoT are other limitations that make security patterns and architectures less practical. An IoT system often makes use of multiple devices connected to a system(s) via a network(s). For example, one device could use a of protocols to communicate between nearby networks and other protocols to communicate with the service provider via IP. The heterogeneity of various communication protocols often used in IoT raises more security issues, which even get worse for complex IoT systems. So far, we have found patterns and architectures for mostly general issues and some specific issues that should work for their stated purposes. However, we have not encountered research that fulfills both types of issues that security patterns and architectures handle. In other words, we have not seen any approach that proposes a (systematic) top-down application of security patterns, first at the architectural level, then to more low-level details for addressing specific challenges in the heterogeneity of IoT, for example sometimes ad-hoc network, and weak links caused by tiny IoT devices.

From the results (see Table 2 ), we found that the quantity of security pattern approaches is less than the number of security architectures for IoT, and way too few compared to the initial numbers of the search results displayed in Fig.  2 . The quantity of existing papers that directly address security patterns for IoT is very low comparing to the explosion of the IoT as estimated by Gartner. Footnote 20 From the papers found, very few had characterized the patterns or architectures accordingly to the taxonomy categorization we constructed or characterized clearly in what layers of the IoT World Forum Reference Model Footnote 21 the contribution tackles (Fig.  8 ). We would, therefore, recommend that further research that should address thoroughly and systematically security pattern aspects for IoT systems.

Contributions distributed over the seven layers (Juxtology 2018 )

The status of addressing the top ten most common vulnerabilities within IoT

We also accumulated how the research contributions in the primary studies handle the different issues presented by the OWASP IoT top ten vulnerabilities list (OWASP 2018 ) as shown in Table 5 . This extraction was done to highlight more of this topic’s gaps to see how the existing contributions handle the top ten most common vulnerabilities within IoT (OWASP 2018 ). As we see from the extraction, vulnerabilities such as Insecure Network Services (I2), Insecure Ecosystem Interfaces (I3), and Insecure Data Transfer and Storage (I7) are the most covered vulnerabilities by the contributions. This spread of coverage is fair in terms of what the contributions present. Most of the solutions found are either in the communication part of the system or when interacting with multiple devices/systems. Most of the contributions are also descriptions proposing high-level architectural solutions and not detailing actual (physical) IoT products or devices. The other types of vulnerabilities, such as Weak, Guessable, or Hardcoded Passwords (I1), Insecure Default Settings (I9), Lack of Physical Hardening (I10), and so forth were not visible in the contributions of the primary studies. I2, I3, and I7 are appropriate vulnerabilities that these contributions should mitigate, however Insufficient Privacy Protection (I6) and Lack of Device Management (I8) should be more highlighted due to its natural occurrence within security patterns and architectures.

The need for new security patterns specifically for IoT

Other directions we recommend is to keep up the research on existing patterns and architectures, but also find out new security patterns specifically for IoT. The dominance of academia-only and a few joint collaboration in IoT security pattern research (see our answer to RQ1.3) suggests that there should be even more collaboration between academia and industry. Especially since the IoT market is blossoming and making the industry more aware, there should be approaches that are more practical and closer to the needs in the industry. This research should be both of research nature but should also aim to create an interest for industry and business owners. This way, we can get more test cases, gain more knowledge, and spread awareness around IoT security patterns in general. However, the ultimate goal of promoting IoT security patterns is to make it easier to improve and implement security features early in the development of IoT systems.

Related work

There have been some recent surveys focusing on different aspects of IoT engineering, from the deployment support (Nguyen et al. 2019 ) to actuation conflict management (Lavirotte et al. 2020 ). In Nguyen et al. ( 2019 ), the authors present the state of the art of IoT deployment approaches in which most approaches do not properly support software deployment and orchestration at the tiny IoT device level. Besides, trustworthiness aspects including security were not addressed properly in the existing approaches for IoT systems deployment and orchestration. The new challenges in the IoT domain can also be seen in the physical layer of IoT actuators. The SMS in Lavirotte et al. ( 2020 ) brings attention to the risk of actuation effects to safety and trustworthiness, and analyzes approaches for actuation conflicts management. However, these two recent surveys do not focus on security patterns for IoT.

There exist some other surveys that have addressed IoT security and IoT patterns, but none has systematically, specifically investigated security pattern approaches for IoT. Oracevic et al. ( 2017 ) surveyed IoT security. They want to shed light on this topic and spread awareness, with examples of IoT security solutions. The authors provide different measures on different levels to secure the systems but do not go into details. They also do not offer any form of architectures or patterns to solve common recurring problems for IoT security. Nguyen et al. ( 2015 ) has also reviewed security patterns-based approaches for new systems design and development. However, the reviewed approaches are not specific for IoT systems, which the focus of this work.

Washizaki et al. ( 2020 ) present a collection of papers that either describe IoT architectures or design patterns, or both. They also classify the patterns that are being used in detail as well as in which paper. They present a security column and specify which papers from their study have patterns that cover security. We looked through these papers, but not all of the papers did meet our criteria described in “ Inclusion and exclusion criteria ” section. The papers from Washizaki et al. ( 2020 ) that we analyzed and included as primary studies are Pape and Rannenberg ( 2019 ), Pahl et al. ( 2018 ), Lee and Law ( 2017 )) and Ntuli and Abu-Mahfouz ( 2016 ).

Reinfurt et al. ( 2016 ) give details of IoT patterns by investigating a large number of production-ready IoT offerings to extract recurring proven solution principles into patterns. These patterns show and describe how to help other individuals to understand different aspects of IoT, and also make it easier.

Qanbari et al. ( 2016 ) elaborates on how to design, build, and engineer applications for IoT systems and have created patterns to do these steps in an IoT system. They do not highlight security as one of their focus points, which is our main concern for this paper.

In general, these studies’ results not only address the functional aspects of IoT patterns but also some quality aspects, such as security and development, that we even considered in our work. However, they were not systematically and explicitly conducted to analyze the patterns and architectures for IoT security similar to our work. Note that we have clearly defined the scope of our SLR, which only considered peer-reviewed publications, not white papers from the industry. Thus, our SLR reports state of the art in IoT security pattern research, not including the state of practice in the industry.

Threats to validity

We mainly found the primary studies of this work from the database search process. The search features provided by the five online publication databases are very different from each other. We had to adapt our search string to make use of the provided search features of the publication databases. We tried to use the keywords and built search strings that were not too strict to obtain as many relevant papers as possible. However, it would be impossible to have perfect search strings for the database search process.

There is a possibility that we missed some studies that should have been included in the final set of primary studies. We have tried to mitigate possible missing primary studies of the database search process by the manual search process. While doing snowballing, we saw again some primary studies that we already found from the database search process. Removing the duplicates, we managed to get six more new primary studies that have not been found from the database search process. There were some other relevant papers from snowballing, but they finally did not pass our selection criteria. These few studies may have fulfilled our criteria but may have failed to detail what they did or did not detail enough to include them according to our criteria confidently. We ended our search and selection process in the beginning of December 2020, which means that our review does not completely cover all the publications in 2020, but a major part of them.

The primary studies that passed our selection criteria could still have limitations that make their contributions unreliable or flawed. Because many of the contributions do not have test cases or examples, it can be hard to know if the patterns and architectures do what they are supposed to. It also creates uncertainty regarding how good the patterns preserve or contain the security in already existing systems. To mitigate this risk, we conducted cross-checks between at least two reviewers for some papers in doubt to remove any papers that do not have enough scientific contributions according to our selection criteria.

Conclusions

In this paper, we have presented our systematic review on patterns and architectures for IoT security. After systematically recognizing and reviewing 36 primary studies out of thousands of relevant papers in this domain, we have discovered that there is a slight rise in the number of publications addressing security patterns and architectures in the two recent years. However, our analysis has shown that security patterns are relatively “young” for the IoT domain and we have found more papers with main contributions categorized as architectures rather than patterns. This indicates that more efforts are needed in terms of formalization, proper documentation and adoption. We have not seen any approaches that combine architectural patterns or even IoT security reference architectures with other design patterns. Similarly, we have not seen architectural patterns or IoT security reference architectures referring to any design pattern they would be composed of. This includes patterns at the IoT “weak links”: the network and IoT devices levels. Most of the primary studies do not work in all the seven layers of the IoT World Forum Reference Model for IoT architecture. They mainly operate in the Physical Devices and Controller ( L1 ), Connectivity ( L2 ), and Application ( L6 ) layers. There are four layers that have little coverage in terms of patterns and architectures for addressing IoT security challenges: Edge Computing ( L3 ), Data Accumulation ( L4 ), Data Abstraction ( L5 ), Collaboration and Processes ( L7 ). We also accumulated how the research contributions in the primary studies handle the different issues presented by the OWASP IoT top ten vulnerabilities list.

New IoT systems development should concentrate more on tending to security, which can be improved with progressively relevant security patterns to apply and reuse. In other words, we need to promote the utilization of patterns for IoT security (and privacy) by design. To make security patterns for IoT approaches more viable, we consider the research collaboration between academia and industry is key in this domain. Security patterns in literature can be researched and applied in developing secure IoT systems with industrial context. Vice versa, experiences gained from securing industrial IoT systems can help to improve existing security patterns for IoT, or even new ones can emerge.

Availability of data and materials

All the data of our work is available in Google Drive https://drive.google.com/drive/folders/19CbTTYauf4ijpcSSlN0yySZLz8QIgscJ?usp=sharing .

https://www.idc.com/ .

NIS Directive, https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive .

A. Dasgupta, The Continuum: Big Data, Cloud & Internet of Things, IBM Internet of Things blog, 2017.

Gartner, The Death of IoT Security as You Know It, Gartner, 2017.

https://ieeexplore.ieee.org .

https://dlnext.acm.org .

https://sciencedirect.com/ .

http://apps.webofknowledge.com .

https://scopus.com .

https://www.springer.com .

https://iot-conference.org/iot2020/ .

https://hillside.net/conferences .

https://www.europlop.net/ .

https://conferences.computer.org/iciot/2019/ .

https://dl.acm.org/journal/tiot .

https://ieee-iotj.org/ .

Our search and selection process for the primary studies concluded in December 2020

Our search and selection process covers the period until December 2020.

The use of TRLs in the Horizon 2020 Work Programmes ( https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/support/faq/2890 ).

Gartner, November 2018 ( https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends ).

Juxtology - IoT: Architecture ( https://www.m2mology.com/iot-transformation/iot-world-forum/ ).

Abbreviations

• Internet of Things

Alphand O, Amoretti M, Claeys T, Dall’Asta S, Duda A, Ferrari G, Rousseau F, Tourancheau B, Veltri L, Zanichelli F (2018) IoTChain: a blockchain security architecture for the Internet of Things, vol. 2018-April, pp 1–6. https://doi.org/10.1109/WCNC.2018.8377385

Attia O, Khoufi I, Laouiti A, Adjih C (2019) An IoT-blockchain architecture based on hyperledger framework for healthcare monitoring application. In: 2019 10th IFIP international conference on new technologies, mobility and security (NTMS), pp 1–5. https://doi.org/10.1109/NTMS.2019.8763849

Borgia E, Gomes DG, Lagesse B, Lea RJ, Puccinelli D (2016) Special issue on “internet of things: research challenges and solutions”. Comput Commun 89:1–4

Ciccozzi F, Crnkovic I, Di Ruscio D, Malavolta I, Pelliccione P, Spalazzese R (2017) Model-driven engineering for mission-critical iot systems. IEEE Softw 34(1):46–53

Article   Google Scholar  

Covington MJ, Carskadden R (2013) Threat implications of the internet of things. In: 2013 5th international conference on cyber conflict (CYCON 2013), pp 1–12

Create-IoT (2018) Deliverable D6.02—Recommendations for commonalities and interoperability profiles of IoT platforms. https://european-iot-pilots.eu/wp-content/uploads/2018/11/D06_02_WP06_H2020_CREATE-IoT_Final.pdf . Accessed 30 Sept 2021

Dhieb N, Ghazzai H, Besbes H, Massoud Y (2020) Scalable and secure architecture for distributed iot systems. In: 2020 IEEE technology engineering management conference (TEMSCON), pp 1–6. https://doi.org/10.1109/TEMSCON47658.2020.9140108

Dougherty C, Sayre K, Seacord RC, Svoboda D, Togashi K (2009) Secure design patterns. Technical report, Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst

Durresi M, Subashi A, Durresi A, Barolli L, Uchida K (2019) Secure communication architecture for internet of things using smartphones and multi-access edge computing in environment monitoring. J Ambient Intell Humaniz Comput 10(4):1631–1640. https://doi.org/10.1007/s12652-018-0759-6

Federal Trade Commission (1999) How to comply with the privacy of consumer financial information rule of the Gramm-Leach-Bliley Act. https://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-gramm . Accessed 29 Sept 2020

Fernandez-Buglioni E (2013) Security patterns in practice: designing secure architectures using software patterns. Wiley, Hoboken

Google Scholar  

Ferry N, Brataas G, Rossini A, Chauvel F, Solberg A (2014) Towards bridging the gap between scalability and elasticity. CLOSER 10:0004975307460751

Fysarakis K, Spanoudakis G, Petroulakis N, Soultatos O, Broring A, Marktscheffel T (2019) Architectural patterns for secure iot orchestrations. In: 2019 Global IoT Summit (GIoTS), pp 1–6. https://doi.org/10.1109/GIOTS.2019.8766425

Gamma E, Helm R, Johnson R, Vlissides JM (1994) Design patterns: elements of reusable object-oriented software, 1st edn. Addison-Wesley Professional, Boston

MATH   Google Scholar  

Garcia-Morchon O, Keoh SL, Kumar S, Moreno-Sanchez P, Vidal-Meca F, Ziegeldorf JH (2013) Securing the ip-based internet of things with hip and dtls. In: Proceedings of the sixth ACM conference on security and privacy in wireless and mobile networks. WiSec ’13. Association for Computing Machinery, New York, NY, USA, pp 119–124. https://doi.org/10.1145/2462096.2462117

Goncalves F, Macedo J, Nicolau MJ, Santos A (2013) Security architecture for mobile e-health applications in medication control. In: 2013 21st international conference on software, telecommunications and computer networks—(SoftCOM 2013), pp 1–8. https://doi.org/10.1109/SoftCOM.2013.6671901

IEEE SA, S.A. (2018) IEEE draft standard for an architectural framework for the internet of things (IoT). IEEE P2413/D0.4.5, December 2018, pp 1–264

Jerald AV, Rabara SA, Arun Gnana Raj A (2019) Secured architecture for integrated iot enabled smart services. Int J Recent Technol Eng 8(3):7384–7393. https://doi.org/10.35940/ijrte.C6145.098319

Juxtology (2018) IoT: architecture. https://www.m2mology.com/iot-transformation/iot-world-forum/ . Accessed 27 July 2020

Karaarslan E, Karabacak E, Cetinkaya C (2020) Design and implementation of sdn-based secure architecture for iot-lab. In: Hemanth DJ, Kose U (eds) Artificial intelligence and applied mathematics in engineering problems. Springer, Cham, pp 877–885

Chapter   Google Scholar  

Karmakar KK, Varadharajan V, Nepal S, Tupakula U (2019) SDN enabled secure IoT architecture, pp 581–585. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85066971444&partnerID=40&md5=c0f52e2ce49d38dad5d181190e28e795

Kitchenham BA, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering. Technical Report EBSE 2007-001, Keele University and Durham University Joint Report . https://doi.org/10.1145/2372233.2372235

Kitchenham BA, Budgen D, Brereton OP (2011) Using mapping studies as the basis for further research—a participant-observer case study. Inf Softw Technol 53(6):638–651. https://doi.org/10.1016/j.infsof.2010.12.011 ( Special Section: Best papers from the APSEC )

Koo J, Oh SR, Lee SH, Kim YG (2020) Security architecture for cloud-based command and control system in iot environment. Appl Sci 10:1035. https://doi.org/10.3390/app10031035

Koshy P, Babu S, Manoj BS (2020) Sliding window blockchain architecture for internet of things. IEEE Internet Things J 7(4):3338–3348. https://doi.org/10.1109/JIOT.2020.2967119

Kuhn DR, Hu VC, Polk WT, Chang S-J (2001) NIST SP 800-32, introduction to public key technology and the federal PKI infrastructure. National Institute of Standards & Technology, p 54. https://doi.org/10.6028/NIST.SP.800-32

Lavirotte S, Rocher G, Tigli J, Gonnin T (2020) IoT-based systems actuation conflicts management towards DevOps: a systematic mapping study. In: Proceedings of the 5th international conference on internet of things, big data and security, vol 1. IoTBDS, pp 227–234. SciTePress. https://doi.org/10.5220/0009355102270234 . INSTICC

Lee W, Law P (2017) A case study in applying security design patterns for iot software system. In: 2017 international conference on applied system innovation (ICASI), pp 1162–1165. https://doi.org/10.1109/ICASI.2017.7988402

Lessa dos Santos G, Guimaraes VT, da Cunha Rodrigues G, Granville LZ, Tarouco LMR (2015) A dtls-based security architecture for the internet of things. In: 2015 IEEE symposium on computers and communication (ISCC), pp 809–815. https://doi.org/10.1109/ISCC.2015.7405613

Nguyen PH, Yskout K, Heyman T, Klein J, Scandariato R, Le Traon Y (2015) Sospa: a system of security design patterns for systematically engineering secure systems. In: 2015 ACM/IEEE 18th international conference on model driven engineering languages and systems (MODELS), pp 246–255. https://doi.org/10.1109/MODELS.2015.7338255

Nguyen PH, Kramer M, Klein J, Traon YL (2015) An extensive systematic review on the model-driven development of secure systems. Inf Softw Technol 68:62–81. https://doi.org/10.1016/j.infsof.2015.08.006

Nguyen PH, Ali S, Yue T (2017) Model-based security engineering for cyber-physical systems: a systematic mapping study. Inf Softw Technol 83:116–135. https://doi.org/10.1016/j.infsof.2016.11.004

Nguyen P, Ferry N, Erdogan G, Song H, Lavirotte S, Tigli J, Solberg A (2019) Advances in deployment and orchestration approaches for IoT—a systematic review. In: 2019 IEEE international congress on Internet of Things (ICIOT), pp 53–60. https://doi.org/10.1109/ICIOT.2019.00021

Ntuli N, Abu-Mahfouz A (2016) A simple security architecture for smart water management system. Procedia Comput Sci 83:1164–1169. https://doi.org/10.1016/j.procs.2016.04.239 . The 7th international conference on ambient systems, networks and technologies (ANT 2016)/The 6th international conference on sustainable energy information technology (SEIT-2016)/Affiliated workshops

Office for Civil Rights (2013) Summary of the HIPAA security rule. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html . Accessed 29 Sept 2020

Oracevic A, Dilek S, Ozdemir S (2017) Security in internet of things: a survey. In: 2017 international symposium on networks, computers and communications (ISNCC), pp 1–6 . https://doi.org/10.1109/ISNCC.2017.8072001

OWASP (2018) Internet of Things (IoT) Top 10 2018. https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf . Accessed 30 Sept 2020

Pacheco J, Ibarra D, Vijay A, Hariri S (2018) IoT security framework for smart water system. In: 2017 IEEE/ACS 14th international conference on computer systems and applications (AICCSA), vol 2017-October, pp 1285–1292. https://doi.org/10.1109/AICCSA.2017.85

Pacheco J, Satam S, Hariri S, Grijalva C, Berkenbrock H (2016) IoT security development framework for building trustworthy smart car services, pp 237–242. https://doi.org/10.1109/ISI.2016.7745481

Pacheco J, Tunc C, Hariri S (2019) Security framework for IoT cloud services, vol 2018-November . https://doi.org/10.1109/AICCSA.2018.8612808

Pahl C, Ioini NE, Helmer S, Lee B (2018) An architecture pattern for trusted orchestration in iot edge clouds. In: 2018 third international conference on fog and mobile edge computing (FMEC), pp 63–70. https://doi.org/10.1109/FMEC.2018.8364046

Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In: Stern J (ed) Advances in cryptology—EUROCRYPT ’99. Springer, Berlin, Heidelberg, pp 223–238

Pape S, Rannenberg K (2019) Applying privacy patterns to the internet of things’ (iot) architecture. Mobile Netw Appl 24(3):925–933. https://doi.org/10.1007/s11036-018-1148-2

Park C (2020) Security architecture for secure multicast coap applications. IEEE Internet Things J 7(4):3441–3452. https://doi.org/10.1109/JIOT.2020.2970175

Perera C, Barhamgi M, Bandara AK, Ajmal M, Price B, Nuseibeh B (2020) Designing privacy-aware internet of things applications. Inf Sci 512:238–257. https://doi.org/10.1016/j.ins.2019.09.061

Petersen K, Vakkalanka S, Kuzniarz L (2015) Guidelines for conducting systematic mapping studies in software engineering: an update. Inf Softw Technol 64:1–18

Petroulakis NE, Lakka E, Sakic E, Kulkarni V, Fysarakis K, Somarakis I, Serra J, Sanabria-Russo L, Pau D, Falchetto M, Presenza D, Marktscheffel T, Ramantas K, Mekikis P, Ciechomski L, Waledzik K (2019) Semiotics architectural framework: End-to-end security, connectivity and interoperability for industrial iot. In: 2019 Global IoT Summit (GIoTS), pp 1–6. https://doi.org/10.1109/GIOTS.2019.8766399

Porambage P, Ylianttila M, Schmitt C, Kumar P, Gurtov A, Vasilakos AV (2016) The quest for privacy in the internet of things. IEEE Cloud Comput 3(2):36–45

Portal G, de Matos E, Hessel F (2020) An edge decentralized security architecture for industrial iot applications. In: 2020 IEEE 6th World Forum on Internet of Things (WF-IoT), pp 1–6. https://doi.org/10.1109/WF-IoT48130.2020.9221176

Qanbari S, Pezeshki S, Raisi R, Mahdizadeh S, Rahimzadeh R, Behinaein N, Mahmoudi F, Ayoubzadeh S, Fazlali P, Roshani K, Yaghini A, Amiri M, Farivarmoheb A, Zamani A, Dustdar S (2016) IoT design patterns: computational constructs to design, build and engineer edge applications. In: 2016 IEEE first international conference on Internet-of-Things design and implementation (IoTDI), pp 277–282. https://doi.org/10.1109/IoTDI.2015.18

Rajmohan T, Nguyen PH, Ferry N (2020) Research landscape of patterns and architectures for iot security: a systematic review. In: 2020 46th Euromicro conference on software engineering and advanced applications (SEAA), pp 463–470. https://doi.org/10.1109/SEAA51224.2020.00079

Reinfurt L, Breitenbücher U, Falkenthal M, Leymann F, Riegg A (2016) Internet of things patterns. In: Proceedings of the 21st European conference on pattern languages of programs. EuroPlop ’16. ACM, New York, NY, USA. https://doi.org/10.1145/3011784.3011789

Richa E (2021) Iot: security issues and challenges. In: Senjyu T, Mahalle PN, Perumal T, Joshi A (eds) Information and communication technology for intelligent systems. Springer, Singapore, pp 87–96

Robles Enciso A, Zarca A, Garcia Carrillo D, Hernandez-Ramos J, Bernal Bernabe J, Skarmeta A, Matheu Garcia SN (2020) Security architecture for defining and enforcing security profiles in dlt/sdn-based iot systems. Sensors 20:1882. https://doi.org/10.3390/s20071882

Roman R, Najera P, Lopez J (2011) Securing the internet of things. Computer 44(9):51–58

Ross R, McEvilley M, Oren J (2016) NIST SP 800-160, systems security engineering considerations for a multidisciplinary approach in the engineering of trustworthy secure systems. National Institute of Standards & Technology, p 243. https://doi.org/10.6028/NIST.SP.800-160v1

Schmidt DC, Buschmann F (2003) Patterns, frameworks, and middleware: their synergistic relationships. In: 25th international conference on software engineering, 2003. Proceedings, pp 694–704

Schneier B (2017) Iot security: what’s plan b? IEEE Secur Privacy 15(05):96. https://doi.org/10.1109/MSP.2017.3681066

Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P (2013) Security patterns: integrating security and systems engineering. Wiley, Hoboken

Schuß M, Iber J, Dobaj J, Kreiner C, Boano CA, Römer K (2018) Iot device security the hard(ware) way. In: Proceedings of the 23rd European conference on pattern languages of programs. EuroPLoP ’18. ACM, New York, NY, USA, pp 20–1204. https://doi.org/10.1145/3282308.3282329

Steel C, Nagappan R (2006) Core security patterns: best practices and strategies for J2EE”, web services, and identity management. Pearson Education, London

Syed MH, Fernandez EB, Moreno J (2018) A misuse pattern for ddos in the iot. In: Proceedings of the 23rd European conference on pattern languages of programs. EuroPLoP ’18. ACM, New York, NY, USA, pp 34–1345. https://doi.org/10.1145/3282308.3282343

Tiburski RT, Moratelli CR, Johann SF, Neves MV, Matos ED, Amaral LA, Hessel F (2019) Lightweight security architecture based on embedded virtualization and trust mechanisms for iot edge devices. IEEE Commun Mag 57(2):67–73. https://doi.org/10.1109/MCOM.2018.1701047

Tran NK, Sheng QZ, Babar MA, Yao L (2017) Searching the web of things: state of the art, challenges, and solutions. ACM Comput Surv (CSUR) 50(4):55

Ur-Rehman O, Zivic N (2015) Secure design patterns for security in smart metering systems. In: 2015 IEEE European modelling symposium (EMS), pp 278–283. https://doi.org/10.1109/EMS.2015.49

Vijayakumaran C, Senthil M, Manickavasagam B (2020) A reliable next generation cyber security architecture for industrial internet of things environment. Int J Electr Comput Eng: IJECE 10:387. https://doi.org/10.11591/ijece.v10i1.pp387-395

Vithya Vijayalakshmi A, Arockiam L (2020) A secured architecture for iot healthcare system. In: Pandian AP, Senjyu T, Islam SMS, Wang H (eds) Proceeding of the international conference on computer networks, big data and IoT (ICCBI-2018). Springer, Cham, pp 904–911

Vučinić M, Tourancheau B, Rousseau F, Duda A, Damon L, Guizzetti R (2015) Oscar: object security architecture for the internet of things. Ad Hoc Netw 32:3–16. https://doi.org/10.1016/j.adhoc.2014.12.005 ( Internet of Things security and privacy: design methods and optimization )

Washizaki H, Ogata S, Hazeyama A, Okubo T, Fernandez EB, Yoshioka N (2020) Landscape of architecture and design patterns for iot systems. In: IEEE Internet of Things Journal 2020 (early Access), p 1. https://doi.org/10.1109/JIOT.2020.3003528

Washizaki H, Xia T, Kamata N, Fukazawa Y, Kanuka H, Yamaoto D, Yoshino M, Okubo T, Ogata S, Kaiya H, Kato T, Hazeyama A, Tanaka T, Yoshioka N, Priyalakshmi G (2018) Taxonomy and literature survey of security pattern research. In: 2018 IEEE conference on application, information and network security (AINS), pp 87–92. https://doi.org/10.1109/AINS.2018.8631465

Williams-Grut O (2018) Hackers once stole a casino’s high-roller database through a thermometer in the lobby fish tank. https://www.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4?r=US&IR=T . Accessed 20 Aug 2020

Witti M, Konstantas D (2018) A secure and privacy-preserving internet of things framework for smart city. In: Proceedings of the 6th international conference on information technology: IoT and smart city. ICIT 2018. Association for Computing Machinery, New York, NY, USA, pp 145–150. https://doi.org/10.1145/3301551.3301607

Wohlin C (2014) Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: Proceedings of the 18th international conference on evaluation and assessment in software engineering. ACM, p 38

Wright M (2020) Default passwords banned for smart devices as part of hacking crackdown. https://www.telegraph.co.uk/news/2020/01/27/default-passwords-banned-smart-devices-part-hacking-crackdown/ . Accessed 20 June 2020

Yampolskiy M, Horvath P, Koutsoukos XD, Xue Y, Sztipanovits J (2013) Taxonomy for description of cross-domain attacks on cps. In: Proceedings of the 2nd ACM international conference on high confidence networked systems. HiCoNS ’13. Association for Computing Machinery, New York, NY, USA, pp 135–142. https://doi.org/10.1145/2461446.2461465

Ye F, Qian Y (2017) A security architecture for networked Internet of Things devices, vol 2018-January, pp 1–6. https://doi.org/10.1109/GLOCOM.2017.8254021

Yskout K, Heyman T, Scandariato R, Joosen W (2006) A system of security patterns. CW Reports. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.142.4538

Zhang J, Jin H, Gong L, Cao J, Gu Z (2019) Overview of IoT security architecture, pp 338–345. https://doi.org/10.1109/DSC.2019.00058

Zhu X, Badr Y (2018) Fog computing security architecture for the internet of things using blockchain-based social networks. In: 2018 IEEE international conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp 1361–1366

Download references

Acknowledgements

The research leading to these results has partially received funding from the European Commission's H2020 Programme under the grant agreement numbers 958363 (Dat4.ZERO), and 958357 (InterQ).

Author information

Authors and affiliations.

Capgemini, Oslo, Norway

Tanusan Rajmohan

SINTEF, Oslo, Norway

Phu H. Nguyen

Université Côte d’Azur, I3S/INRIA Kairos, Sophia Antipolis, France

Nicolas Ferry

You can also search for this author in PubMed   Google Scholar

Contributions

All authors contributed to all the steps of conducting this work and writing this manuscript. All the authors read and approved the final manuscript.

Corresponding author

Correspondence to Phu H. Nguyen .

Ethics declarations

Ethics approval and consent to participate.

Not applicable.

Consent for publication

Competing interests.

The authors declare that they have no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Rajmohan, T., Nguyen, P.H. & Ferry, N. A decade of research on patterns and architectures for IoT security. Cybersecurity 5 , 2 (2022). https://doi.org/10.1186/s42400-021-00104-7

Download citation

Received : 30 April 2021

Accepted : 17 November 2021

Published : 05 January 2022

DOI : https://doi.org/10.1186/s42400-021-00104-7

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Architecture

A Study of Cyber Security Issues and Challenges

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Numbers, Facts and Trends Shaping Your World

Read our research on:

Full Topic List

Regions & Countries

Publications

• Our Methods
• Short Reads
• Tools & Resources

Read Our Research On:

Online Privacy & Security

Key findings about americans and data privacy.

71% of adults say they are very or somewhat concerned about how the government uses the data it collects about them, up from 64% in 2019.

How Americans View Data Privacy

The share of Americans who say they are very or somewhat concerned about government use of people’s data has increased from 64% in 2019 to 71% today. Two-thirds (67%) of adults say they understand little to nothing about what companies are doing with their personal data, up from 59%.

What Americans Know About AI, Cybersecurity and Big Tech

Americans’ understanding of digital topics varies notably depending on the subject. For example, majorities of U.S. adults know what cookies on websites do and can identify a secure password, but far fewer can recognize an example of two-factor authentication.

Quiz: Test your knowledge of digital topics

Test your knowledge of digital topics and terms by taking our nine-question quiz. Then, compare your score with knowledge measured among the American public.

Majority of Americans say TikTok is a threat to national security

About six-in-ten Americans (59%) see TikTok as a major or minor threat to national security in the United States.

As AI Spreads, Experts Predict the Best and Worst Changes in Digital Life by 2035

As they watch the splashy emergence of generative artificial intelligence and an array of other AI applications, experts participating in a new Pew Research Center canvassing say they have deep concerns about people’s and society’s overall well-being. At the same time, they expect to see great benefits in health care, scientific advances and education

The Future of Human Agency

Experts are split about how much control people will retain over essential decision-making as digital systems and artificial intelligence spread. They agree that powerful corporate and government authorities will expand the role of AI in people’s daily lives in useful ways. But, many worry these systems will diminish individuals’ ability to control their choices.

How Black Americans view the use of face recognition technology by police

Black Americans are critical of key aspects of policing and criminal justice. But their views on face recognition technology are more nuanced.

AI and Human Enhancement: Americans’ Openness Is Tempered by a Range of Concerns

Public views are tied to how these technologies would be used and what constraints would be in place.

Visions of the Internet in 2035

Asked to “imagine a better world online,” experts hope for a ubiquitous – even immersive – digital environment that promotes fact-based knowledge, offers better defense of individuals’ rights, empowers diverse voices and provides tools for technology breakthroughs and collaborations to solve the world’s wicked problems.

REFINE YOUR SELECTION

Research teams.

1615 L St. NW, Suite 800 Washington, DC 20036 USA (+1) 202-419-4300 | Main (+1) 202-857-8562 | Fax (+1) 202-419-4372 |  Media Inquiries

Research Topics

• Email Newsletters

ABOUT PEW RESEARCH CENTER  Pew Research Center is a nonpartisan fact tank that informs the public about the issues, attitudes and trends shaping the world. It conducts public opinion polling, demographic research, media content analysis and other empirical social science research. Pew Research Center does not take policy positions. It is a subsidiary of  The Pew Charitable Trusts .

© 2024 Pew Research Center

Security Management Research Paper Topics

Security management research paper topics are a critical area of study for management students looking to explore the complex world of safeguarding organizational assets. Security management covers various facets, including information security, physical security, risk management, compliance, and more. The study of security management is increasingly relevant in our technology-driven world. Research within this field equips students with the knowledge to protect an organization’s information and physical resources, and the skills to respond to rapidly evolving security threats. This page provides a comprehensive list of research topics to assist students in selecting a subject that aligns with their interests and the current industry demands. The following sections will provide an in-depth look into various security management research topics, organized into ten categories with ten subjects each. Additionally, this page will offer insights into how to choose and write about these topics, along with an overview of iResearchNet’s customized writing services for those who seek professional assistance.

100 Security Management Research Paper Topics

The field of security management is as vast as it is vital in today’s global landscape. From protecting information systems to ensuring the physical safety of assets, security management plays a central role in the smooth operation of organizations across various sectors. As we dive into this comprehensive list of security management research paper topics, students will find a plethora of subjects that are both challenging and relevant. The topics are divided into ten distinct categories, each focusing on a different aspect of security management.

Academic Writing, Editing, Proofreading, And Problem Solving Services

Get 10% off with 24start discount code.

• Role of Encryption in Data Protection
• Security Protocols in Wireless Networks
• Cloud Security Management Strategies
• Biometric Security Measures
• Ethical Hacking and Defense Strategies
• Security Risks in Internet of Things (IoT)
• Mobile Application Security
• Compliance with GDPR and Other Regulations
• Social Engineering Attacks and Prevention
• Virtual Private Networks (VPNs) and Security
• Designing Secure Buildings and Facilities
• Access Control Systems and Technologies
• Surveillance and Monitoring Techniques
• Security Personnel Training and Management
• Risk Assessment for Physical Threats
• Vehicle Security and Fleet Management
• Maritime Security Protocols
• Security Measures for Public Events
• Emergency Response and Evacuation Planning
• Integration of Technology in Physical Security
• Enterprise Risk Management Strategies
• Security Policies and Compliance Auditing
• Regulatory Compliance in Different Industries
• Risk Mitigation and Disaster Recovery Planning
• Cyber Insurance and Risk Transfer
• Security Awareness and Training Programs
• Third-party Vendor Risk Management
• Financial Risk Management in Security Operations
• Implementing ISO Security Standards
• Privacy Policies and Consumer Protection
• Cyber Threat Intelligence and Analysis
• Intrusion Detection Systems and Firewalls
• Secure Software Development Lifecycle
• Incident Response and Crisis Management
• Security Considerations in E-commerce
• Protecting Against Ransomware and Malware
• Security in Social Networking Sites
• Cybersecurity in Critical Infrastructure
• Mobile Device Security in the Workplace
• Privacy vs. Security in Cyber Law
• Role of CISO (Chief Information Security Officer)
• Security Leadership and Governance
• Insider Threat Management and Mitigation
• Security Culture and Employee Behavior
• Contractual and Legal Aspects of Security
• Intellectual Property Protection
• Security Metrics and Performance Indicators
• Outsourcing Security Services
• Security Budgeting and Financial Management
• Integrating Security with Business Strategy
• Terrorism and Counterterrorism Strategies
• Security Intelligence and Law Enforcement
• Border Control and Immigration Security
• Cyber Warfare and State-sponsored Attacks
• Protection of Critical National Infrastructure
• Emergency Preparedness and Response
• Security Considerations in International Relations
• Humanitarian Security and Crisis Management
• Nuclear Security and Non-proliferation
• Global Maritime Security Issues
• Security in Hospitals and Healthcare Facilities
• Patient Data Privacy and HIPAA Compliance
• Medical Device and IoT Security
• Emergency Medical Services and Security
• Security Measures for Mental Health Facilities
• Pharmaceutical Supply Chain Security
• Bioterrorism and Public Health Security
• Security Education for Healthcare Professionals
• Medical Records Security and Management
• Telemedicine and Remote Healthcare Security
• Security Considerations in Online Retail
• Fraud Detection and Prevention Strategies
• Payment Security and PCI Compliance
• Inventory Security and Loss Prevention
• Consumer Trust and Brand Protection
• E-commerce Regulations and Compliance
• Security in Omnichannel Retailing
• Secure Customer Experience Design
• Mobile Commerce Security
• Retail Surveillance and Anti-shoplifting Techniques
• Campus Safety and Security Measures
• Cybersecurity Education and Curriculum
• Student Data Privacy and Protection
• Security in Online Learning Platforms
• Intellectual Property Rights in Academia
• Emergency Response Plans for Educational Institutions
• School Transportation Security
• Security Measures for Laboratories and Research Facilities
• Ethical Guidelines in Academic Research
• Security Considerations in International Student Exchange
• Artificial Intelligence in Security
• Quantum Computing and Cryptography
• Security Implications of 5G Technology
• Sustainable and Green Security Practices
• Human Factors in Security Design
• Blockchain for Security Applications
• Virtual and Augmented Reality Security
• Security in Autonomous Vehicles
• Integration of Smart Technologies in Security
• Ethical Considerations in Emerging Security Technologies

Security management is an ever-evolving field, reacting to both technological advancements and global socio-political changes. The above categories and topics encompass a broad spectrum of the security management domain. This comprehensive list is designed to inspire students and guide them towards a research paper that not only interests them but also contributes to the growing body of knowledge in security management. By exploring these topics, students will have the opportunity to deepen their understanding of current issues and become part of the ongoing conversation in this vital area of study.

Security Management and the Range of Research Paper Topics

Introduction to security management.

Security management has increasingly become a central concern for organizations, governments, and individuals in our interconnected and technologically driven world. Its primary focus is on safeguarding assets, information, and people by assessing risks and implementing strategies to mitigate potential threats. From the micro-level of individual privacy protection to the macro-level of national security, the concepts and practices within this field permeate almost every aspect of our daily lives. This article delves into the fundamental aspects of security management and explores the extensive range of research paper topics it offers.

Key Principles and Concepts in Security Management

• Risk Assessment and Mitigation: At the core of security management lies the process of identifying, evaluating, and minimizing risks. It involves recognizing potential vulnerabilities, assessing the likelihood of threats, and implementing measures to reduce the potential impact.
• Compliance and Regulation: Security management is also heavily influenced by various laws, regulations, and industry standards. Whether it’s GDPR for data protection or HIPAA for healthcare, compliance with these regulations is essential to avoid legal consequences.
• Physical and Cyber Security: Security management encompasses both the physical and digital realms. Physical security focuses on protecting tangible assets, such as buildings and equipment, while cyber security emphasizes safeguarding digital information.
• Human Factors: People are often considered the weakest link in security. Training, awareness, and a robust security culture are crucial in ensuring that employees and stakeholders understand and adhere to security protocols.
• Technology and Innovation: With the advent of new technologies like AI, blockchain, and IoT, security management must continuously evolve to address the unique challenges and opportunities they present.
• Global Perspectives: In a globally connected world, security management must consider international laws, cross-border data flows, and the unique risks associated with different geographical regions.
• Ethics and Social Responsibility: Ethical considerations in security management include respecting individual privacy, transparency in surveillance, and social responsibility in using technology for security purposes.

Range and Depth of Research Paper Topics

Given the complexity and multidimensionality of security management, the range of research paper topics in this field is vast. The following sections provide an insight into the various dimensions that can be explored:

• Information Security Management: Research can focus on encryption, authentication, intrusion detection, or explore the psychological aspects of social engineering attacks.
• Physical Security Management: Topics may include architectural design for security, biometrics, or the balance between security and convenience in access controls.
• Organizational Security Management: This includes leadership and governance in security, insider threats, and the alignment of security strategies with business goals.
• Global and National Security Management: Areas to explore here include counterterrorism strategies, cybersecurity policies among nations, or human rights considerations in security protocols.
• Retail and E-commerce Security Management: From payment security to fraud detection, this area explores the unique challenges in the retail and online shopping environment.
• Emerging Trends in Security Management: This invites research into the future of security management, considering technological advancements, emerging threats, and the ethical implications of new tools and techniques.

Security management is an intricate field that intertwines technological, human, organizational, and societal aspects. It continues to evolve in response to the rapidly changing global landscape marked by technological innovation, geopolitical shifts, and emerging threats. The range of research paper topics in security management reflects this diversity and offers a wealth of opportunities for students to engage with cutting-edge issues.

The ongoing development of this field requires fresh insights, innovative thinking, and a commitment to understanding the underlying principles that govern security management. By delving into any of the areas outlined above, students can contribute to this exciting and ever-changing field. Whether exploring traditional aspects like risk management or venturing into the realms of AI and blockchain, the possibilities for research are as broad and varied as the field itself.

This article provides a foundational understanding of security management and serves as a springboard for further exploration. It’s a gateway to a myriad of research avenues, each offering a unique perspective and challenge, all united by the common goal of enhancing the security and safety of our interconnected world.

How to Choose Security Management Research Paper Topics

Selecting a topic for a research paper in the field of security management is a crucial step that sets the tone for the entire research process. The breadth and depth of this field offer a wide array of possibilities, making the choice both exciting and somewhat daunting. The topic must be relevant, engaging, unique, and, most importantly, aligned with the researcher’s interests and the academic requirements. This section provides a comprehensive guide on how to choose the perfect security management research paper topic, with 10 actionable tips to simplify the process.

• Identify Your Interests: Begin by exploring areas within security management that truly intrigue you. Whether it’s cyber threats, risk management, or physical security measures, your passion for the subject will drive a more engaging research process.
• Understand the Scope: Security management spans across various sectors such as IT, healthcare, retail, and more. Assess the scope of your paper to determine which sector aligns best with your academic needs and professional goals.
• Consider the Relevance: Choose a topic that is pertinent to current trends and challenges in security management. Researching emerging threats or innovative technologies can lead to more compelling findings.
• Assess Available Resources: Ensure that there is enough accessible information and research material on the chosen topic. A topic too obscure might lead to difficulties in finding supporting evidence and data.
• Consult with Your Advisor or Mentor: An experienced academic advisor or mentor can provide valuable insights into the feasibility and potential of various topics, helping you make an informed decision.
• Balance Complexity and Manageability: Selecting a topic that is too broad can be overwhelming, while a narrow topic might lack depth. Striking the right balance ensures that you can comprehensively cover the subject within the stipulated word count and time frame.
• Consider Ethical Implications: Especially in a field like security management, ethical considerations must be at the forefront. Any topic involving human subjects, privacy concerns, or potentially sensitive information should be approached with caution and integrity.
• Align with Learning Objectives: Reflect on the specific learning outcomes of your course or program, and choose a topic that aligns with these objectives. It ensures that your research contributes to your overall academic development.
• Evaluate Potential Contributions: Think about what new insights or perspectives your research could offer to the field of security management. Choosing a topic that allows you to make a meaningful contribution can be more satisfying and impactful.
• Experiment with Preliminary Research: Before finalizing a topic, conduct some preliminary research to gauge the existing literature and potential research gaps. It can help refine your focus and provide a clearer direction.

Choosing a research paper topic in security management is a multifaceted process that requires thoughtful consideration of various factors. By following the tips outlined above, you can navigate through the complexities of this task and select a topic that resonates with your interests, aligns with academic goals, and contributes to the broader field of security management. Remember, a well-chosen topic is the foundation upon which a successful research paper is built. It’s the starting point that leads to a journey filled with discovery, analysis, and intellectual growth. Make this choice wisely, and let it be a gateway to an engaging and rewarding research experience.

How to Write a Security Management Research Paper

A. introductory paragraph.

Writing a research paper on security management requires more than just a keen interest in the subject; it demands a systematic approach, adherence to academic standards, and the ability to synthesize complex information. Security management, with its multifaceted nature encompassing physical security, cybersecurity, risk assessment, and more, offers an exciting but challenging landscape for research. In this section, we will delve into a step-by-step guide comprising 10 vital tips on how to write an effective security management research paper. These tips aim to guide you through the research, planning, writing, and revision stages, ensuring a coherent and impactful paper.

• Choose the Right Topic: Guidance: Reflect on your interests, the current trends in the field, and the available resources. Consult with mentors and refer to the previous section for more insights into selecting the perfect topic.
• Conduct Thorough Research: Guidance: Use reliable sources like academic journals, books, and reputable online resources. Gather diverse viewpoints on the topic and keep track of the sources for citation.
• Develop a Strong Thesis Statement: Guidance: The thesis should encapsulate the main argument or focus of your paper. It should be clear, concise, and specific, providing a roadmap for the reader.
• Create an Outline: Guidance: Outline the main sections, including introduction, literature review, methodology, findings, discussion, conclusion, and references. An organized structure helps maintain coherence and logical flow.
• Write a Compelling Introduction: Guidance: Begin with a hook that grabs the reader’s attention, provide background information, and conclude with the thesis statement. The introduction sets the stage for the entire paper.
• Employ the Appropriate Methodology: Guidance: Choose the research methods that align with your research question and objectives. Explain the rationale behind your choices, ensuring that they adhere to ethical standards.
• Analyze Findings and Discuss Implications: Guidance: Present your research findings in a clear and unbiased manner. Discuss the implications of the results in the context of the existing literature and real-world applications.
• Conclude with Insight: Guidance: Summarize the main findings, restate the thesis in the context of the research, and discuss the potential limitations and future research directions. The conclusion should leave the reader with something to ponder.
• Adhere to Academic Formatting: Guidance: Follow the specific formatting guidelines required by your institution or the style guide (APA, MLA, etc.). Pay attention to citations, references, headings, and overall presentation.
• Revise and Proofread: Guidance: Allocate ample time for revising content, structure, and language. Use tools or seek help from peers or professionals for proofreading to ensure grammatical accuracy and clarity.

Writing a security management research paper is a rigorous and intellectually stimulating endeavor that requires meticulous planning, research, and execution. The tips provided in this guide are meant to facilitate a well-structured and insightful paper that adheres to academic excellence. By following these guidelines, you not only develop a comprehensive understanding of security management but also contribute valuable insights to this evolving field. Remember, writing is a process of exploration, articulation, and refinement. Embrace the challenge, learn from the journey, and take pride in the scholarly contribution you make through your research paper on security management.

iResearchNet’s Custom Research Paper Services

In the complex world of security management, crafting a top-notch research paper can be a daunting task. The landscape of security management is multifaceted, encompassing areas such as cybersecurity, risk analysis, policy development, physical security, and much more. For students juggling multiple responsibilities, producing a quality research paper on these intricate subjects may seem nearly impossible. That’s where iResearchNet comes into play. Offering tailor-made solutions to your academic needs, iResearchNet is your go-to service for custom security management research papers. Below are the features that make iResearchNet the ideal choice for your academic success.

• Expert Degree-Holding Writers: At iResearchNet, we employ writers who not only hold advanced degrees but also have extensive experience in security management. Their expertise ensures that your paper is insightful, well-researched, and academically sound.
• Custom Written Works: Every research paper is crafted from scratch, tailored to your specific needs, guidelines, and preferences. Our writers work closely with you to understand your vision, making the paper uniquely yours.
• In-Depth Research: Our team engages in thorough research, using reputable sources and cutting-edge methodologies. This diligent approach guarantees a comprehensive understanding of the subject and a well-rounded paper.
• Custom Formatting: Adhering to academic standards is crucial, and our writers are skilled in various formatting styles. Whether APA, MLA, Chicago/Turabian, or Harvard, your paper will be formatted to perfection.
• Top Quality: Quality is at the core of our services. From the initial draft to the final submission, we maintain the highest standards of excellence, ensuring that your paper stands out.
• Customized Solutions: We recognize that each student’s needs are unique. Hence, our solutions are not one-size-fits-all but are customized to meet your specific requirements, timelines, and academic level.
• Flexible Pricing: Quality doesn’t have to break the bank. Our pricing structure is designed to be affordable and flexible, providing various options to fit different budgets.
• Short Deadlines: Whether you’re facing a last-minute crunch or planning ahead, our writers can accommodate tight deadlines. Even within as short as 3 hours, we deliver without compromising on quality.
• Timely Delivery: Your time is valuable, and we respect that. Our commitment to timely delivery ensures that you receive your paper well before the deadline, giving you ample time for review.
• 24/7 Support:  Questions or concerns? Our support team is available around the clock. With 24/7 assistance, you can rest assured that help is always just a click away.
• Absolute Privacy: Your privacy is our priority. We employ stringent security measures to protect your personal information. With iResearchNet, your details are safe, secure, and confidential.
• Easy Order Tracking:  With our user-friendly tracking system, you can easily monitor the progress of your order. Stay updated, provide feedback, and enjoy a smooth and transparent process.
• Money Back Guarantee:  Your satisfaction is our goal. If, for any reason, our services do not meet your expectations, our money-back guarantee ensures that you are not at a loss.

iResearchNet’s custom security management research paper services are more than just a promise; they are a commitment to excellence, convenience, and integrity. Our blend of expert writers, personalized solutions, quality assurance, and robust support makes us the preferred choice for students across the globe. Dive into the world of security management without the stress of paper writing, knowing that iResearchNet has got your back. Embark on your academic journey with confidence and trust in a partner who understands your needs and shares your pursuit of excellence. With iResearchNet, you’re not just ordering a paper; you’re investing in your future.

Secure Your Academic Success Today

Are you feeling overwhelmed with the prospect of writing your security management research paper? Perhaps you’re struggling to find the right topic, or the research is becoming a tedious task? You don’t have to go through this alone. With iResearchNet’s specialized writing services, all your academic challenges can be turned into opportunities for success.

What sets iResearchNet apart from other writing services is not just our expertise and quality but our understanding of students’ needs. We know that every research paper is not just a task but a step towards your future career in security management. That’s why we invest our best resources to make sure your paper is nothing short of perfect. Our expert writers, meticulous research, and dedication to your satisfaction are all geared towards one goal – helping you excel.

We don’t just write papers; we create opportunities for learning and growth. When you choose iResearchNet, you’re not only receiving a top-notch research paper but also gaining access to a treasure trove of knowledge in security management. With our 24/7 support, flexible pricing, and customizable solutions, your success is no longer a distant dream but a tangible reality.

Take the step towards a brighter academic future. Don’t let the burden of research and writing hold you back from achieving your best. Click the button below to place your order and begin a collaborative journey with iResearchNet. With our secure and user-friendly platform, ordering your custom security management research paper is just a few clicks away. Empower yourself with the right partner, and let iResearchNet pave the way to your academic success.

ORDER HIGH QUALITY CUSTOM PAPER