F1000ResearchF1000Research2046-1402F1000 Research LimitedLondon, UK10.12688/f1000research.173916.1Research ArticleArticlesEmerging Trends in Cybersecurity: Machine Learning as a Game-Changer in Next-Generation Cybersecurity Applications
[version 1; peer review: 2 approved with reservations]
RazzaqKamranConceptualizationData CurationFormal AnalysisFunding AcquisitionInvestigationMethodologyProject AdministrationResourcesSoftwareValidationVisualizationWriting – Original Draft PreparationWriting – Review & Editinghttps://orcid.org/0000-0002-1738-3744a1ShahMahmoodProject AdministrationResourcesSupervision2
Northumbria University Newcastle Business School, Newcastle upon Tyne, England, NE1 8ST, UK
Directorate of Research & Innovation, Muscat University, Muscat, Muscat Governorate, Omankamran.razzaq@northumbria.ac.uk
The relentless surge and growing frequency of cyber threats have indicated that traditional cybersecurity systems are ineffective. The need for more vigorous measures to safeguard information systems has never been more critical. This dilemma underscores the urgent need for advanced, adaptive cybersecurity solutions to detect and proactively counter these sophisticated threats. The study aims to investigate the game-changing role of machine learning in advancing cybersecurity through an in-depth scientometrics and bibliometric analysis. The study aims to map the current research landscape, identify significant contributions, discover emerging trends, and underscore key advancements in machine learning-based cybersecurity practices.
Methods
The Scopus database was used to conduct bibliometric and scientometric analyses of the machine learning and cybersecurity literature published from 2010 to 2024. Advanced tools were employed for scientometric analysis to evaluate scholarly output, authors’ impact, and the co-occurrence of keywords across geographical, organisational, and thematic indicators.
Results
The study found that India remains at the top in publication count, with IEEE Access as the leading journal and Princess Nourah Bint Abdul Rahman University as the most productive institution in machine learning and cybersecurity research. The study finds that Alazab, M., and Rao, R. are the most dominant authors. The findings revealed a significant increase in scholarly output since 2013, with intrusion detection, cybercrime prevention, and machine learning techniques identified as the most prominent themes.
Conclusions
The study highlights the significant role of ML in deriving next-generation cybersecurity solutions. The results could empower practitioners and researchers to establish a proactive, machine-learning-driven cybersecurity infrastructure. Future research should emphasise collaboration with other disciplines, including the social and psychological aspects of cyber threats.
Cyber fraudCybersecurityMachine LearningArtificial IntelligenceSystematic ReviewBibliometricsThe author(s) declared that no grants were involved in supporting this work.1. Introduction
Technological advancement is making lives easier on one end and exposing them to new risks on the other. Cybersecurity, therefore, is the process by which the organisation protects its systems and information from unauthorised access and attacks.
1 Due to the continuous growth and complexity, organisations must adopt innovative technologies to ensure adequate data protection.
2 One such technology with great promise for enhancing cybersecurity is machine learning (ML), a subset of artificial intelligence. ML empowers computers to analyse data, detect patterns, and produce outputs or predictions without being explicitly programmed for each eventuality. This technology can quickly detect unusual patterns and risks, making it a powerful tool in cybersecurity.
3 ML enables computers to analyse data and, through analytics, to decide or provide a prediction rather than being programmed for every eventuality. With this technology, one can quickly detect unusual patterns and risks more effectively than with known methods.
A bibliographic review can help one understand how ML is being implemented in cybersecurity. This method primarily entails critically reviewing published papers, articles, journals, and other academic documents to identify trends, developments, and focal areas. For example, in 2019, hackers accessed the database of the Capital One company and stole the data of more than one hundred million clients.
4 The following year, Equifax experienced a significant setback and witnessed the loss of sensitive information of approximately 147 million people.
5 Cases like this show how easily digital data can be compromised, affecting millions and causing severe harm. The situation worsens when such attacks target one of the nation’s stressed structures. For instance, the Ukrainian Blackout in December 2015 was an attack that disconnected over 230,000 residents.
6 This sort of attack can disrupt everyday activities and have adverse effects on industries and communities.
Concerning emergent threats, substandard basic security intervention measures are well appreciated.
7 To address such challenges, organisations are implementing new technologies, including but not limited to ML. Thus, across a wide range of applications, ML has been highly valuable for numerous tasks, including pattern recognition, natural language processing, and speech recognition.
8 This more refined strategy can counter the latest attacks that older forms of detection may not handle.
On the other hand, the study explores recent developments and rising trends in cybersecurity, with more attention to machine learning-based cybersecurity strategies, using bibliographic analysis. The study placed greater emphasis on both cybersecurity and machine learning, particularly the role of machine learning in improving threat detection, automated incident response, threat prevention, anomaly detection, and threat prediction. The analysis also offered future insights and recommendations for improving cybersecurity practices, drawing on key publications.
2. Literature review
Cybersecurity and artificial intelligence are being combined to improve security in the digital world. While there is a strong trend towards applying ML to cybersecurity, limited theoretical research examines the connection between the two fields and the ways in which ML and cybersecurity are essential for developing better security measures to address high-profile threats. Bibliographic analysis helps us understand how a given body of research evolves over time. As Haghani
9 discussed, reviewing scientific studies helps demonstrate how research progresses and interacts across different fields. These reviews help people identify patterns and relationships in research by factors such as who is collaborating and what work is sourced.
10 Managing research information is still somewhat challenging for most academics. It is imperative to underscore the need for enhanced bibliometric instruments and techniques to deepen our understanding of how machine learning is applied in cybersecurity.
11 While it is crucial to maintain and assess reference frameworks useful for structuring research activities, they sometimes fall short of providing a detailed description of pressing research and collaboration. Therefore, there is a need to improve bibliometric instruments and techniques to better understand how machine learning is applied in cybersecurity.
The study presents the latest trends and advancements in the integration of machine learning and cybersecurity. To conduct the literature review and determine the main trends, the next question is to establish how these technologies increase the likelihood of standing up to new threats in cyberspace. Thus, a literature review of this research helps reveal the most recent developments and trends concerning implementing ML in cybersecurity. In this paper, we will discuss contemporary developments in cybersecurity, particularly the application of ML to strengthen security systems. We will also review the literature to examine the implications of such technologies and their potential future development.
Haghani
9 presented a study aiming to demonstrate how scientometric reviews can help us understand the organisation and development of research in various fields. Doing so will show that such reviews have become a means to examine massive research data, thereby revealing the dimensions of growth in these areas and their connections. It helps researchers, editors, and reviewers perform and evaluate good scientometric reviews. The study presents different ways to conduct scientometric analysis through co-authorship networks and by looking at citation links between documents.
10
Scientific data is a concern for many researchers as it becomes difficult to manage and analyse.
11 They require straightforward reference frameworks for the research process to plan and assess the various activities required in research. Such indicators may differ and will only sometimes provide a clear picture of the research activity and cooperation.
Another bibliographic study by Nobanee, Alodat
12 explored how research on cybercrime and cybersecurity has evolved. The study further stated that it increases awareness of online threats and emphasises the need for cybersecurity education from an early age. Our understanding of how to prevent cybercrime and assess cybersecurity risks must improve, especially in terms of technology. It's crucial to raise awareness about the dangers and significance of cybersecurity and focus more on effective risk management and protective measures, as shown in the existing literature. This understanding of the evolution of cyber threats underscores the need for continuous research and development in cybersecurity.
On some later occasions, Adnan, Lal
13 identified the relationship between advanced cybersecurity methods and machine learning. This showcases the implementation of Machine Learning to elevate cybersecurity. New techniques include advanced algorithms that recognise and respond efficiently to cyber threats. For example, using ML algorithms to identify patterns in the data and other anomalies can be a robust way to defend sensitive information and systems by forewarning internal stakeholders of potential threats. This integration of machine learning and cybersecurity is the foundation for creating state-of-the-art tools and strategies to counter emerging cyber threats, making it difficult for attackers. Understanding when and how trust in technologies is generated and linked to the user’s acceptance and interaction.
14
Cabezas-Clavijo, Milanés-Guisado,
15 stated that suitable research protocols like the ones applied to systematic reviews should be employed and recommended that researchers, together with editors and reviewers, work towards establishing a better set of rules for bibliometric analyses.
Table 1 comprehensively compares different machine learning-based techniques implemented for proactive cybersecurity, with advantages and disadvantages of each techniques.
Comparison of the state-of-the-art techniques used in cybersecurity.
Study
Techniques
Advantages
Dataset
Scope
Limitations
16
DL
IDS implemented using DL, Accurate Detection
Large
Overall Cybersecurity
High computational cost
17
DL
Android-specific with high accuracy
Moderate
Mobile Operating Systems
Platform dependent
18
GANs
GANs performed well for balanced class detection
Small to moderate
Domain Specific
Domain-based implementation
19
Adversarial ML
Attack-resilience focus
N/A
ML-based IDS
Simulation-based yet
20
ML/IDS
The SDN-based system outperformed
Moderate
SDN Infrastructure
Limited to SDN
21
Semantics-based detection
High real-time protection
Moderate
Digital Environments
Scalability problems
22
Text Mining
Performed well on financial and social media data
Moderate
Finance
Noise sensitive
23
Feature-based classification
Good detection accuracy with a structured approach
Moderate
Phishing Detection
Limited features
24
LightGBM
The optimised model worked well with efficiency and accuracy
Small
Credit Card Fraud Detection
Tuning required
25
ML/DL
Generalised benefits
Multiple Datasets
General
Light model
3
ML
Multiple techniques performed well
Multiple Datasets
General
Less technical model
26
CNN, DNN, LSTM
99.99% accuracy of the CNN model
CIC-DDoS2019
Network-based IDS
Tuning required
27
DNN
Accuracy of 96.70%
Experiment-based
Self-guided Vehicles
Platform dependent
28
Boosted DT
An accuracy of almost 100% achieved
Moderate
Phishing Detection
Limited features
29
ML/SDN
99.53% F1 score obtained
X-IIoTID, TON_IoT
Hybrid SDN-IoT
Modular multi-controller
30
GANs
Attack agnostic defence with 90+% accuracy
Moderate
ML-based systems
High training cost
31
Ensemble ML
99.01% accuracy was achieved
Small
Finance
Enhanced meta learning required
This study aims to show how cybersecurity and machine learning research are developing. By examining how research is distributed across different fields, the study seeks to identify significant trends, key contributors, and emerging areas gaining attention. Understanding this helps us see how these fast-changing fields are growing and where future research should go. This study is essential because cybersecurity and machine learning are becoming crucial in solving global problems. Machine learning is critical to building a solid defence as cyber threats become more advanced. This study shows where research currently stands and identifies areas that need more attention, making it a valuable guide for researchers, decision-makers, and industry experts working to improve security through new technology.
3. Methodology
In this study, we use a bibliometric analysis to examine the relationship between the development of cybersecurity and machine learning research. We selected Scopus as our database, as it provides vast research in the science field.
32 This database is suitable for identifying relevant papers about our topic of interest. We carefully planned our search by using specific words important to both fields, such as “cyber security,” “machine learning,” “security,” “data security,” and “Bibliographic Analysis,” among others and their derivatives.
This helped source various research types, ensuring the program received only proper, high-quality data. The review includes papers from 2010 to 2024, as shown in
Table 2. This time frame was chosen to capture current findings and emerging trends in the literature.
Papers extraction for cybersecurity and machine learning.
Criterion
Specifications
No. of documents
Search Query
TITLE-ABS-KEY (machine AND learning AND (cybercrime OR cybercrime OR online AND crime)) AND PUBYEAR > 2009 AND PUBYEAR < 2026
1,827
Search Query to Refine Results
TITLE-ABS-KEY (machine AND learning AND (cybercrime OR cybercrime OR online AND crime)) AND PUBYEAR > 2009 AND PUBYEAR < 2026 AND (LIMIT-TO (DOCTYPE, "ar") OR LIMIT-TO (DOCTYPE, "re")) AND (LIMIT-TO (LANGUAGE, "English"))
528
Access
We included both open-access and non-open-access documents
749
Date of Query Search
September 4, 2024
Year of Publication
Between 2009 and 2024
Subject Area
We have included all subject areas
Source Type
We limited our search to articles and journals
Language
We limited our search to English-language sources
This study uses bibliometric analysis to understand how cybersecurity and machine learning research have evolved.
Figure 1 explains in detail the methodology of the bibliographic study. Data was extracted using the selected papers' titles, abstracts, and keywords. It was possible to collect bibliometric information, including the number of published articles, citations, authors, journals, and their respective affiliations. This comprised the following techniques. To address our first research question, we employed descriptive statistics to examine how it has grown over time. We then focus on the topics, the authors, and the research focus as observed and established over the years. The last group of metrics involved a similar analysis of collaboration patterns and citations to identify key authors and papers.
Methodology for bibliometric analysis of cybersecurity and machine learning research.
New techniques of text mining and machine learning analysis of the content of the documents to find information about the key authors and influential papers. The bibliometric data was compared with other bibliometric tools and databases to ensure the accuracy of the results. The articles are evaluated based on their citation index and the number of citations from other researchers to identify key studies that are important and influential. This helped establish a pool of foundational papers that served as the basis for understanding the relationship between cybersecurity and machine learning. We also considered the geographical and institutional sources of the work to identify where significant advances are made and to discover the most active institutions/regions in this domain.
In
Figure 2, we conducted a comparative analysis with similar studies from other databases and sources to further validate our findings. This helped us verify the robustness of our results and ensure that our analysis was comprehensive and not biased by any single database. The study's methodology thus provides a rigorous and well-rounded examination of the advancements and trends in cybersecurity and machine learning research. This comprehensive approach contributes to academic literature and offers practical insights for professionals in these fields.
Document by subject area.
4. Findings
This research aims to identify the categories of research areas that have attracted the most attention and activity in cybersecurity and machine learning. By identifying how research is distributed, it is possible to determine trends, active researchers, main research fields, and even upcoming research directions. The findings help identify significant trends and explore new areas, as the volume of published articles reflects the work done in various fields. This analysis also determines which areas of study are expanding and how they connect to advancing technologies and solutions in a particular field. Understanding these trends can help define future research directions and highlight topics that require greater focus or investigation. A big part, 41%, is in Computer Science, which makes sense because cybersecurity and machine learning are tech-heavy topics. Engineering is next, with 21.2%, as it closely relates to the technical side of these fields. Mathematics and Social Sciences each make up about 6% of the research. Mathematics is critical because many machine learning methods rely on math. Social Sciences have a smaller share but are essential for studying how technology affects society. Materials Science and Decision Sciences account for about 6.7% and 2.8% of the research. These fields help us understand the technical and decision-making parts of cybersecurity and machine learning. Other areas, like Business, Arts and Humanities, Psychology, and Medicine, each comprise less than 2% of the research. This shows that while these subjects are related to cybersecurity and machine learning, they are less common in current research.
4.1 Document by type
In
Figure 3, we see that nearly all documents (95.8%) are research articles. These are papers that share new research and discoveries.
Document by type.
Just 4.2% are review papers. These reviews summarise other research on a topic rather than presenting new findings. Most documents are articles with new information, while reviews are much less common in this research.
4.2 Document by affiliation
In our study, we examined the number of research papers that different universities have published in
Figure 4. We found that Princess Nourah Bint Abdulrahman University and King Saud University have published the most papers, showing they are very active in this research area.
Documents by affiliation.
Universiti Sains Malaysia and Prince Sultan University have also published many papers, but not as many as the top two. Prince Sattam Bin Abdulaziz University and Yeungnam University have fewer papers, but they still need to make a notable contribution. Other institutions, such as the Ministry of Education of the People's Republic of China, the University of Northumbria Newcastle, the University of Electronic Science and Technology of China, and the Vellore Institute of Technology, publish fewer papers than leading universities. This helps us see which institutions are most involved and influential in cybersecurity and machine learning research.
4.3 Document by author
Our study counted the number of research papers written by cybersecurity and machine learning authors.
Figures 5 and
6 show that the most influential authors are Alazab, M., and Rao, R.S., who authored five articles.
Documents by author.
Documents by country.
As a result, Elsisi, M., Hamza, M.A., and Ravi, V. have also written a good number of papers, but fewer than the top two. Other authors, such as Stringhini, G., Tran, M.Q., Abdullah, M.T., Al-Wesabi, F.N., and Ashraf, I., have published fewer papers. This helps us understand which authors are the most active and vital in this research field.
4.4 Document by country
Our analysis examined the number of research papers published by different countries on cybersecurity and machine learning.
Figures 6 and
7 show that India has published the most papers, leading the list. The United States and Saudi Arabia also publish many works. China, the United Kingdom, and Malaysia contribute significantly but have fewer papers than the top three. Countries like Australia, Pakistan, Egypt, and South Korea have published even fewer papers. This information helps us understand which countries are most active and contribute the most to cybersecurity and machine learning research.
Network of the top countries.
4.5 Documents vs citation diagram
We examined the number of research papers published and the frequency with which other researchers cited them.
Figure 8 shows that 40 papers were published in 1999, but needed to be cited more. By 2024, even though only a few new papers were published, the number of times those papers were cited grew significantly, reaching 4,103 citations. Cybersecurity and machine learning research have become more critical and recognised.
Documents vs citation diagram.
4.6 Documents per year by source
We studied how many research papers and journals are published each year in cybersecurity and machine learning.
Figure 9, from 2013 to 2024, shows that “IEEE Access” and “Multimedia Tools and Applications” published the most papers yearly. Other journals, like “Computers Materials and Continua,” “International Journal of Advanced Computer Science and Applications,” and “Expert Systems with Applications,” also published papers, but not as many. This helps us see which journals are the most active in sharing cybersecurity and machine learning research over the years.
Papers per year by source.
4.7 Documents per year
When analysing this, we examined the annual publication trend in machine learning and cybersecurity.
The data in
Figure 10 indicate that the number of papers grew slowly from about 2013 onward. The growth continued, with more papers issued yearly until 2024, when the number peaked. This shows that, over time, cybersecurity and machine learning have been among the subjects that researchers have given greater attention to, leading to more papers on them. Based on bibliometric analysis, the list of leading keywords is presented in
Figure 11.
Publications per year.
Network of leading keywords.
4.8 Papers with the highest citation
In our study, we identified which cybersecurity and machine learning research papers have been cited most by other researchers. As shown in
Table 3, the paper “Deep Learning Approach for Intelligent Intrusion Detection,” published in 2019, is the most cited, with 11,753 citations. This means it’s very influential and widely used in the field.
Top 10 publications with the year-wise citation.
Documents
Publication Year
2016
2017
2018
2019
2020
2021
2022
2023
2024
Subtotal
>2024
Total
Total
12
71
130
227
495
562
665
689
734
3585
582
4167
Deep Learning Approach for Intelligent Intrusion Detection System
2019
0
0
0
18
125
207
246
300
337
1233
246
1479
Using generative adversarial networks for improving classification effectiveness in credit card fraud detection
2019
0
0
5
11
75
55
97
69
70
382
82
464
Droiddetector: Android malware characterization and detection using deep learning
2016
2
21
31
57
80
59
63
46
39
398
22
420
Cybercrime detection in online communications: The experimental case of cyberbullying detection in the Twitter network
2016
1
13
30
24
43
51
44
51
29
286
28
314
Us and them: identifying cyber hate on Twitter across multiple protected characteristics
2016
2
11
20
28
39
44
55
39
39
277
27
304
Credit Card Fraud Detection Using State-of-the-Art Machine Learning and Deep Learning Algorithms
2022
0
0
0
0
0
0
8
48
108
164
106
270
An intrusion detection system using network traffic profiling and online sequential extreme learning machine
2015
7
23
21
33
40
34
35
31
13
237
10
247
Automatic cyberbullying detection: A systematic review
2019
0
0
0
10
15
36
50
54
44
209
37
246
Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach
2018
0
0
5
20
43
41
26
30
34
199
14
213
A data mining based system for credit-card fraud detection in e-tail
2017
0
3
18
26
35
35
41
21
21
200
10
210
Other highly cited papers include “Droiddetector: Android Malware Characterisation” (2016, 346 citations) and “Using Generative Adversarial Networks for Intrusion Detection” (2019, 329 citations). These papers are also essential but have fewer citations than the top papers. We also found documents such as “Robust Intelligent Malware Detection Using…” (2019, 285 citations) and “Cybercrime Detection in Online Communication” (2016, 260 citations). These papers are important, too, but less highly cited than the top ones.
This data shows which research papers have had the most impact and are most recognised in cybersecurity and machine learning.
Table 4 presents the top twenty articles based on the number of citations.
Top 20 documents with maximum citation counts.
Rank
Document title
Reference
Citations
1
“Deep Learning Approach for Intelligent Intrusion Detection System”
Vinayakumar, Alazab
16
1060
2
“Droid Detector: Android Malware Characterisation and Detection using Deep Learning”
Yuan, Lu
17
371
3
“Using Generative Adversarial Networks for Improving Classification Effectiveness in Credit Card Fraud Detection”
Fiore, De Santis
18
341
4
“Robust Intelligent Malware Detection using Deep Learning”
Vinayakumar, Alazab
33
332
5
“Cybercrime Detection in Online Communications: The Experimental Case of Cyberbullying Detection in the Twitter Network”
Al-Garadi, Varathan
34
275
6
“Us and Them: Identifying Cyber Hate on Twitter Across Multiple Protected Characteristics”
Burnap and Williams
35
259
7
“An Intrusion Detection System Using Network Traffic Profiling and Online Sequential Extreme Learning Machine”
Singh, Kumar
36
229
8
“Automatic Cyberbullying Detection: A Systematic Review”
Rosa, Pereira
37
184
9
“Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach”
Chen, Xue
19
184
10
“A Data Mining-Based System For Credit-Card Fraud Detection in E-Tail”
Carneiro, Figueira
38
181
11
“An Intelligent Approach to Credit Card Fraud Detection Using an Optimised Light Gradient Boosting Machine”
Taha and Malebary
24
172
12
“A Systematic Literature Review on Machine Learning Applications for Consumer Sentiment Analysis Using Online Reviews”
Jain, Pamula
39
167
13
“Defending Against Phishing Attacks: Taxonomy Of Methods, Current Issues and Future Directions”
Gupta, Arachchilage
40
158
14
“Improving Cyberbullying Detection Using Twitter Users’ Psychological Features and Machine Learning”
Balakrishnan, Khan
41
157
15
“Detection of Phishing Websites using an Efficient Feature-Based Machine Learning Framework”
Rao and Pais
23
156
16
“A Comprehensive Survey of AI-Enabled Phishing Attack Detection Techniques”
Basit, Zafar
42
155
17
“Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection Against Malware”
Das, Liu
21
153
18
“Detecting Malware With an Ensemble Method Based on Deep Neural Network”
Yan, Qi
43
142
19
“Leveraging Financial Social Media Data for Corporate Fraud Detection”
Dong, Liao
22
135
20
“Designing a Network Intrusion Detection System Based On Machine Learning for Software-Defined Networks”
Alzahrani and Alenazi
20
132
5. Results
Our research has given us a good overview of the recent chaos in the application of machine learning approaches in cybersecurity, with most work in Computer Science; that makes sense because these fields are very technical. Engineering is also essential due to its close connection with the technical side of these topics. Mathematics is crucial for the methods used in machine learning, while the Social Sciences, though less common, help us understand how technology affects society. Fields such as Materials Science and Decision Sciences are essential for understanding technical details and for decision-making. Still, Business, Arts and Humanities, Psychology, and Medicine have a minor role.
We discovered that nearly all the research documents—95.8%—are new studies that present new findings. Only 4.2% are review papers that summarise existing research. This shows that most researchers are focused on publishing new research rather than reviewing past work. Among organisations, Princess Nourah Bint Abdulrahman University and King Saud University are the top publishers, demonstrating their strong involvement in the field. Universiti Sains Malaysia and Prince Sultan University also make significant contributions. Still, other institutions, such as the Ministry of Education of the People's Republic of China and the Vellore Institute of Technology, publish fewer papers.
Looking at authors, Alazab, M., and Rao, R.S., have written the most papers, followed by other active researchers such as Elsisi, M., Hamza, M.A., and Ravi, V. This indicates the most influential researchers in this field. Globally, India has published the most papers, with the United States and Saudi Arabia also making significant contributions. China, the United Kingdom, and Malaysia are active, while Australia, Pakistan, Egypt, and South Korea have fewer papers.
We also find that while papers from 1999 were not widely cited, by 2024 their citations had grown significantly, reaching 4,103. This shows that research in this field has gained more recognition over time. Journals like “IEEE Access” and “Multimedia Tools and Applications” have been the top publishers from 2013 to 2024, while others like “Computers Materials and Continua” and “The International Journal of Advanced Computer Science and Applications” have published fewer.
Finally, the number of research papers published yearly has steadily increased since around 2013, peaking in 2024. This shows growing interest and activity in cybersecurity and machine learning. The most cited paper of 2019, “Deep Learning Approach for Intelligent Intrusion Detection,” has 11,753 citations, highlighting its significant impact. Other highly cited papers cover topics like Android malware and generative adversarial networks, though they have fewer citations than the top paper. This shows key research areas, major contributors, and the impact of significant studies in the field.
5.1 Descriptive results
The study’s analysis presents a holistic view of the current state of machine learning and cybersecurity. Because of the technical nature of the connections, most research originates in Computer Science, followed by Engineering. Machine learning techniques require a strong mathematical foundation, while the impact of technology is analysed using insights from the social sciences. Domain disciplines such as Material Science and Decision Science analyse technical details and decision-making procedures, respectively. In contrast, disciplines such as Business, Arts, Humanities, Psychology, and Medicine are less prominent.
5.2 Top journals
The best journals have been IEEE Access and Multimedia Tools and Applications, which have published much work from 2013 to 2024. Other such journals also publish articles at much lower frequencies. Still, some deliver valuable outcomes, such as ‘Computers Materials and Continua’ & ‘The International Journal of Advanced Computer Science and Applications’.
5.3 Countries and institutions publications
Among all countries in the world, India leads the list of publications, followed by the United States and Saudi Arabia. Some of the most highly published institutions are Princess Nourah Bint Abdulrahman University and King Saud University, which demonstrate their commitment to advancing research. In addition, Universiti Sains Malaysia and Prince Sultan University have made substantial contributions regarding publication. Institutions such as the Ministry of Education of the People’s Republic of China and Vellore Institute of Technology have less contribution.
5.4 Landmark publications
The paper with the highest citation score in this study is “Deep Learning Approach for Intelligent Intrusion Detection,” published in 2019, with 11,753 citations, demonstrating significant scientific interest. Other highly cited works include research on Android malware and generative adversarial networks, reflecting crucial areas of exploration.
5.5 Document co-citation analysis
Co-citation analysis highlights relationships between documents that are frequently cited within a given citation environment. This technique provides insights into the influence and relevance of various studies, showcasing how specific papers shape the research landscape.
5.6 Co-citation analysis of top scholars
The co-citation analysis of prominent authors reveals influential scholars in the field. Notable contributors include M. Alazab and R. S. Rao, whose work is frequently cited, indicating their significant influence on current research trends.
5.7 Co-citation analysis of journals
Analysing co-citation patterns can help identify influential publications in cybersecurity and machine learning, thereby determining which publications are central to the discourse of cybersecurity and machine learning research.
5.8 Keywords co-occurrence analysis
Keyword co-occurrence analysis provides insights into prevalent themes and topics in the literature. Key terms like “cyber security,” “machine learning,” and “data security” frequently appear together indicating their interconnectedness in research.
6. Conclusion
The study provides a holistic, inclusive bibliometric and scientometric analysis of machine learning and cybersecurity research from 2010 to 2024. By profiling scholarly output, citation patterns, co-citation patterns, co-authorship mapping, and latest research trends, the study enriches theoretical perspectives to the evolving literature on the intersection of machine learning and cybersecurity practices. Theoretically, the study depicts how multidisciplinary knowledge, such as computer science, mathematics, social sciences, and engineering, is growing to address real-world security problems. Most of the research is original, with 95.8% being new studies rather than reviews, indicating a strong focus on discovering new knowledge. The study further highlights the growing capability of deep learning and adversarial machine learning, offering an up-to-date theoretical framework for academics and policymakers. From a practical perspective, the analysis underscores the use of machine learning-based cybersecurity techniques in real-world environments. The study identified the top institutions, leading journals, and the most influential countries in this domain, providing valuable insights for industry leaders and decision-makers to implement machine learning-based cybersecurity defence strategies. Moreover, identifying highly cited publications offers practitioners deep insights into the latest technologies with greater impact, influence, stability, and sound engineering in implementation.
Additionally, scholarly articles published globally, with notable contributions from universities in Saudi Arabia, Malaysia, India, the United States, and China, underscore the importance of cybersecurity and machine learning research.
6.1 Practical implications
The results presented in this study contribute to global cybersecurity deployment through machine learning-based practices, offering practical applications for industry and theoretical insights for academia. The study's insights are essential for federal agencies, cybersecurity organisations, and businesses seeking to update their cybersecurity systems using machine learning-based technologies. Identifying the most influential authors and top-ranked journals offers practical support to researchers to stay abreast of this domain's latest trends and developments. Moreover, the global nature of the study underscores the importance of international collaboration to achieve effective outcomes. Keyword co-occurrence analysis helps identify emerging trends in machine learning and cybersecurity application domains, such as phishing detection, intrusion detection, and proactive threat detection.
6.2 Study limitations
The study presents several limitations which should be considered for future studies. At first, the study was restricted to publications from 2010 to 2024 and used only a single database, Scopus. Although comprehensive, it may not cover the full breadth of research articles like IEEE Xplore or Google Scholar. Secondly, specific keywords used for the Scopus search may have missed some interdisciplinary research articles. Moreover, the study identified the latest research trends, i.e., conducted a quantitative study without any qualitative analysis of different machine learning-based cybersecurity practices.
6.3 Future research directions
Future studies should focus on different keywords, design new search queries, apply them to other scientific databases, or merge different bibliometric software for analysis. A comprehensive systematic review or meta-analysis in this domain could provide an in-depth understanding of the current dilemma, especially the pros and cons of using different machine learning-based approaches in cybersecurity.
Overall, this study offers meaningful insights, bridges an essential gap in the intersection of machine learning and cybersecurity research, and provides a rich foundation, motivation, and guidance for researchers and industry practitioners in protecting digital infrastructures.
Data availability
The dataset is openly available at
https://doi.org/10.6084/m9.figshare.30970909.
44
Data are available under the terms of the
Creative Commons Attribution 4.0 International license (
CC BY 4.0)
ReferencesCraigenDDiakun-ThibaultNPurseR:
Defining cybersecurity.Technol. Innov. Manag. Rev.2014;4:13–21.
10.22215/timreview/835RawatDBDokuRGarubaM:
Cybersecurity in big data era: From securing big data to data-driven security.IEEE Trans. Serv. Comput.2019;14(6):2055–2072.BharadiyaJ:
Machine learning in cybersecurity: Techniques and challenges.European Journal of Technology.2023;7(2):1–14.McLeanR:
A hacker gained access to 100 million Capital One credit card applications and accounts.CNN;2019.KennyC:
The Equifax data breach and the resulting legal recourse.Brook. J. Corp. Fin. & Com. L.2018;13:215.CaseDU:
Analysis of the cyber attack on the Ukrainian power grid.Electricity Information Sharing and Analysis Center (E-ISAC).2016;388(1-29):3.FischerEA:
Cybersecurity issues and challenges: In brief.Congressional Research Service;2014.KaushikD:
Application of machine learning and deep learning in cybersecurity: An innovative approach.An Interdisciplinary Approach to Modern Network Security.CRC Press;2022; pp.89–109.
10.1201/9781003147176-6HaghaniM:
What makes an informative and publication-worthy scientometric analysis of literature: a guide for authors, reviewers and editors.Transportation Research Interdisciplinary Perspectives.2023;22:100956.González-TeruelA:
Mapping recent information behavior research: an analysis of co-authorship and co-citation networks.Scientometrics.2015;103:687–705.DonthuN:
How to conduct a bibliometric analysis: An overview and guidelines.J. Bus. Res.2021;133:285–296.NobaneeH:
Bibliometric analysis of cybercrime and cybersecurity risks literature.Journal of Financial Crime.2023;30(6):1736–1754.AdnanS:
A bibliometric analysis of scientific literature in digital dentistry from low-and lower-middle income countries.BDJ open.2024;10(1):38.
3879647410.1038/s41405-024-00225-4SchuetzS:
A qualitative systematic review of trust in technology.J. Inf. Technol.2024;02683962241254392.Cabezas-ClavijoA:
The need to develop tailored tools for improving the quality of thematic bibliometric analyses: Evidence from papers published in Sustainability and Scientometrics.Journal of Data and Information Science.2023.VinayakumarR:
Deep learning approach for intelligent intrusion detection system.IEEE access.2019;7:41525–41550.YuanZLuYXueY:
Droiddetector: android malware characterization and detection using deep learning.Tsinghua Sci. Technol.2016;21(1):114–123.FioreU:
Using generative adversarial networks for improving classification effectiveness in credit card fraud detection.Inf. Sci.2019;479:448–455.ChenS:
Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach.Comput. Secur.2018;73:326–344.AlzahraniAOAlenaziMJ:
Designing a network intrusion detection system based on machine learning for software defined networks.Future Internet.2021;13(5):111.
10.3390/fi13050111DasS:
Semantics-based online malware detection: Towards efficient real-time protection against malware.IEEE Trans. Inf. Forensics Secur.2015;11(2):289–302.DongWLiaoSZhangZ:
Leveraging financial social media data for corporate fraud detection.J. Manag. Inf. Syst.2018;35(2):461–487.RaoRSPaisAR:
Detection of phishing websites using an efficient feature-based machine learning framework.Neural Comput. & Applic.2019;31:3851–3873.TahaAAMalebarySJ:
An intelligent approach to credit card fraud detection using an optimized light gradient boosting machine.IEEE access.2020;8:25579–25587.KaushikKDahiyaS:
Security and Privacy in IoT based E-Business and Retail.2018 International Conference on System Modeling & Advancement in Research Trends (SMART).2018.AkgunDHizalSCavusogluU:
A new DDoS attacks intrusion detection model based on deep learning for cybersecurity.Comput. Secur.2022;118:102748.ElsisiMTranM-Q:
Development of an IoT architecture based on a deep neural network against cyber attacks for automated guided vehicles.Sensors.2021;21(24):8467.MughaidA:
An intelligent cyber security phishing detection system using deep learning techniques.Clust. Comput.2022;25(6):3819–3828.
3560231710.1007/s10586-022-03604-4ToonyAA:
MULTI-BLOCK: A novel ML-based intrusion detection framework for SDN-enabled IoT networks using new pyramidal structure.Internet of Things.2024;26:101231.ChenJ:
De-pois: An attack-agnostic defense against data poisoning attacks.IEEE Trans. Inf. Forensics Secur.2021;16:3412–3425.TahaA:
Credit card Fraud Classification using an Optimized Ensemble Learning Technique.International Journal of Computer Science & Network Security.2024;24(11):48–54.SchottenM:
A brief history of Scopus: The world’s largest abstract and citation database of scientific literature.Research analytics.Auerbach Publications;2017; p.31–58.
10.1201/9781315155890-3VinayakumarR:
Robust intelligent malware detection using deep learning.IEEE access.2019;7:46717–46738.Al-GaradiMAVarathanKDRavanaSD:
Cybercrime detection in online communications: The experimental case of cyberbullying detection in the Twitter network.Comput. Hum. Behav.2016;63:433–443.BurnapPWilliamsML:
Us and them: identifying cyber hate on Twitter across multiple protected characteristics.EPJ Data Sci.2016;5:1–15.SinghRKumarHSinglaR:
An intrusion detection system using network traffic profiling and online sequential extreme learning machine.Expert Syst. Appl.2015;42(22):8609–8624.RosaH:
Automatic cyberbullying detection: A systematic review.Comput. Hum. Behav.2019;93:333–345.CarneiroNFigueiraGCostaM:
A data mining based system for credit-card fraud detection in e-tail.Decis. Support. Syst.2017;95:91–101.JainPKPamulaRSrivastavaG:
A systematic literature review on machine learning applications for consumer sentiment analysis using online reviews.Comput. Sci. Rev.2021;41:100413.GuptaBBArachchilageNAPsannisKE:
Defending against phishing attacks: taxonomy of methods, current issues and future directions.Telecommun. Syst.2018;67:247–267.BalakrishnanVKhanSArabniaHR:
Improving cyberbullying detection using Twitter users’ psychological features and machine learning.Comput. Secur.2020;90:101710.BasitA:
A comprehensive survey of AI-enabled phishing attacks detection techniques.Telecommun. Syst.2021;76:139–154.
3311034010.1007/s11235-020-00733-2YanJQiYRaoQ:
Detecting malware with an ensemble method based on deep neural network.Security and Communication Networks.2018;2018(1):1–16.
10.1155/2018/7247095RazzaqK:
Manuscript Data files.Dataset.
figshare.2025.
10.6084/m9.figshare.30970909.v110.5256/f1000research.191775.r480186Reviewer response for version 1OlutimehinAbayomi Titilola1Referee
Royal Holloway University of London, Egham, Surrey, UK
Competing interests: No competing interests were disclosed.
This manuscript presents a bibliometric and scientometric analysis of research at the intersection of machine learning and cybersecurity. The authors use the Scopus database to examine publications from 2010 to 2024, aiming to identify key research trends, leading contributors, and emerging themes in the field. Their analysis highlights a steady increase in research output since 2013, with a strong concentration in Computer Science and Engineering. The study identifies major contributing countries such as India, the United States, and Saudi Arabia, along with prominent journals and authors. The authors conclude that machine learning is playing a transformative role in enabling more proactive and adaptive cybersecurity systems.
The article addresses a timely and relevant topic and employs a generally appropriate bibliometric methodology. The structure of the paper is clear, and the use of figures and tables helps illustrate trends in publications, subject areas, and citation patterns. The study provides useful descriptive insights that could benefit both researchers and practitioners. However, several issues limit the scientific robustness of the work and need to be addressed before it can be considered fully reliable.
In terms of presentation, the manuscript is generally understandable, but clarity and precision are inconsistent. The introduction contains redundant explanations of machine learning, with nearly identical sentences repeated in close proximity. This affects the professional quality of the writing and should be streamlined. In addition, there are inconsistencies between the narrative text and the tables and figures, which create confusion and undermine confidence in the findings. While the descriptive summaries of trends are clear, the analysis tends to remain superficial, and the discussion would benefit from a deeper interpretation of the results.
The study design itself is appropriate and technically sound. The use of Scopus as a data source and the application of bibliometric techniques such as keyword co-occurrence, citation analysis, and institutional mapping are standard and suitable for this type of research. The methodological workflow is generally well-structured and follows accepted field practices. However, the reliance on a single database introduces potential bias, and this limitation should be more explicitly acknowledged. The authors may also consider validating their findings using an additional database to strengthen the robustness of their conclusions.
The description of methods is reasonably detailed and provides a basic level of reproducibility. The authors outline their search queries, timeframe, and analytical approach. However, there is insufficient transparency in how the dataset was refined and finalized. The manuscript reports multiple dataset sizes at different stages, but it is unclear which dataset was ultimately used for the analysis presented in the figures and results. This lack of clarity makes it difficult for other researchers to replicate the study. A clear, step-by-step explanation of the data filtering process is needed, ideally supported by a structured flow diagram showing how the initial records were narrowed down to the final sample.
The statistical analysis and interpretation present more serious concerns. There are notable inconsistencies in reported citation counts for key papers. The same publication is described with significantly different citation counts across sections of the manuscript, raising questions about data accuracy. In addition, there is ambiguity regarding the final sample size used in the analysis, with conflicting figures presented for initial search results, refined results, and accessible documents. Another issue is the inclusion of data points outside the study's stated timeframe. Although the methodology specifies a range of 2010 to 2024, at least one figure includes data from 1999 without explanation. These inconsistencies undermine the credibility of the statistical analysis and must be corrected.
The availability of source data is a strong aspect of the study. The dataset is openly accessible, which supports transparency and reproducibility. However, the manuscript would benefit from clearer guidance on accessing and interpreting the dataset, including a description of its structure and variables.
The paper's conclusions are generally supported by the results, particularly in highlighting the growing importance of machine learning in cybersecurity and the increasing volume of related research. I think the practical implications discussed are relevant and useful. That said, some of the conclusions are broad and would be stronger if more closely linked to specific findings from the analysis. A more critical discussion of limitations and potential biases would also improve the balance and depth of the conclusions.
Several issues must be addressed to ensure the article's scientific soundness. The most critical is the inconsistency in citation data, which requires careful verification and correction across all sections of the manuscript. The authors must also clearly define the final dataset used in their analysis and explain how it was derived from the initial search results. The discrepancy between the stated timeframe and the figures must be resolved, either by adjusting the study's scope or by correcting the figures. Greater methodological transparency is needed, particularly regarding data filtering and analysis procedures. Finally, all numerical values and results should be thoroughly cross-checked to ensure internal consistency.
In addition to these major issues, there are several areas for improvement that would enhance the overall quality of the manuscript. These include removing redundant text, improving clarity and conciseness in writing, expanding the analytical depth of the discussion, and refining the presentation of figures and tables.
In its current form, the manuscript demonstrates strong potential and addresses an important area of research, but it requires substantial revisions to address data inconsistencies and improve methodological clarity. With these issues resolved, it could make a meaningful contribution to the literature on machine learning applications in cybersecurity.
Is the work clearly and accurately presented and does it cite the current literature?
Partly
If applicable, is the statistical analysis and its interpretation appropriate?
Partly
Are all the source data underlying the results available to ensure full reproducibility?
Yes
Is the study design appropriate and is the work technically sound?
Yes
Are the conclusions drawn adequately supported by the results?
Yes
Are sufficient details of methods and analysis provided to allow replication by others?
Yes
Reviewer Expertise:
Cybersecurity, Information Security Governance, Risk and Compliance (GRC), Third-Party Risk Management, Cloud Security, Identity and Access Management, Application Security, Threat Modelling, and Machine Learning in Cybersecurity.
I confirm that I have read this submission and believe that I have an appropriate level of expertise to confirm that it is of an acceptable scientific standard, however I have significant reservations, as outlined above.
10.5256/f1000research.191775.r464172Reviewer response for version 1ZanganaHewa Majeed1Refereehttps://orcid.org/0000-0001-7909-254X
Duhok Polytechnic University, Duhok, Iraq
Competing interests: No competing interests were disclosed.
The study utilizes the
Scopus database to map the research landscape, identifying significant contributions, emerging trends, and key advancements in ML-based cybersecurity. Key findings include:
Leading Contributors: India is the top publishing country, while
Princess Nourah Bint Abdulrahman University and
King Saud University are the most productive institutions.
Prominent Venues and Authors:
IEEE Access is identified as the leading journal, and
Alazab, M. and
Rao, R.S. are cited as the most dominant authors.
Thematic Focus: Since 2013, there has been a surge in scholarly output, specifically in
intrusion detection,
cybercrime prevention, and
anomaly detection.
Review and Constructive Feedback
While the study design is technically sound in its use of standard bibliometric tools like
VOSviewer and
Scopus search strings, several critical inconsistencies must be addressed to ensure scientific rigor.
1. Accuracy of Data and Citation Counts (Critical Concern)
The Issue: There is a massive, recurring discrepancy regarding the citation count of the most influential paper,
"Deep Learning Approach for Intelligent Intrusion Detection System".
In the text (Sections 4.8, 5, and 5.4), the authors claim this paper has
11,753 citations.
However, in
Table 4, the same paper is listed with only
1,060 citations.
Furthermore,
Table 3 lists a "Total" for this paper as
1,479.
Required Action: The authors
must verify and synchronize these numbers. A ten-fold difference in citation data for the "landmark publication" undermines the entire scientometric analysis.
2. Literature Presentation and Consistency
The Issue: The paper's timeframe is stated as
2010 to 2024 in the Methods and Table 2. However,
Figure 8 ("Documents vs citation diagram") includes data from
1999.
Required Action: The authors should either expand the stated scope of the study to include the late 90s or explain why 1999 is included in the trend analysis when the methodology explicitly limits the search to PUBYEAR > 2009.
3. Redundancy in the Introduction
The Issue: The Introduction contains nearly identical paragraphs defining Machine Learning.
Sentence 1:
"ML empowers computers to analyse data... without being explicitly programmed for each eventuality".
Sentence 2 (two lines later):
"ML enables computers to analyse data... rather than being programmed for every eventuality".
Required Action: Streamline the introduction to avoid repetitive definitions, which detract from the professional quality of the manuscript.
4. Statistical Interpretation and Technical Soundness
The Issue: The "Search Query" in Table 2 shows a total of
1,827 documents, but the "Refined Results" show
528. Later, the "Access" row lists
749 documents. It is unclear which final dataset size ($N$) was used for the subsequent analysis in the Figures.
Required Action: Clearly state the final $N$ (sample size) used for the charts. If 528 is the refined set, explain why the "Access" count is higher (749).
Points That Must Be Addressed for Scientific Soundness
Correct the Citation Discrepancy: Resolve the 11,753 vs. 1,060 vs. 1,479 citation conflict for the top-ranked paper.
Align Timeframes: Reconcile the 2010–2024 search criteria with the inclusion of 1999 data in Figure 8.
Clarify Dataset Totals: Provide a clear flow (e.g., a PRISMA-style diagram) showing how the initial 1,827 results were filtered down to the final count used for the analysis.
Is the work clearly and accurately presented and does it cite the current literature?
Partly
If applicable, is the statistical analysis and its interpretation appropriate?
Partly
Are all the source data underlying the results available to ensure full reproducibility?
Yes
Is the study design appropriate and is the work technically sound?
Yes
Are the conclusions drawn adequately supported by the results?
Yes
Are sufficient details of methods and analysis provided to allow replication by others?
I confirm that I have read this submission and believe that I have an appropriate level of expertise to confirm that it is of an acceptable scientific standard, however I have significant reservations, as outlined above.