Table 1.
Literature review summary.
| References | Problem domain | Detection/prediction | Forecast period | Forecast coverage | Methods |
|---|---|---|---|---|---|
| 14 | Detect different types of attacks | Detection | N/A | N/A | Feature extraction, deep reinforcement learning |
| 15 | Malicious traffic detection | Detection | N/A | N/A | Deep neural network with attention mechanism |
| 16,17 | Forecast attack count | Prediction | 1–7 days | Multiple targets | ARIMA model |
| 18 | Forecast attack count | Prediction | Months | Organisation | Unconventional signals, lagged feature selection, concept drift training |
| 19 | Forecast attack motivation and opportunity | Prediction | 1 week | 1 target | Social media analysis, SVM, CNN |
| 20 | Forecast attack count | Prediction | 1 week or month | Organisation | Digital traces, ARIMA, ARIMAX, LSTM |
| 21 | Predict next attack in the chain | Prediction | N/A | 1 target | Bayesian network |
| 22 | Predict intrusion detection alerts | Prediction | Minutes or hours | Organisation | Stream processing, sequential rule mining |
| 23 | Forecast if a data breach will occur | Prediction | Months | Organisation | Externally measurable features, Random Forest |
| 24 | Reconnaissance detection | Detection | N/A | N/A | LSTM, CNN |
| 25 | Forecast if a machine will be infected | Prediction | Months | Machine | Binary file analysis, semi-supervised learning |
| 26 | Forecast if an IP address will attack | Prediction | 24 hours | N/A | Entity reputation and scoring, decision trees |