Leveraging data analytics to revolutionize cybersecurity with machine learning and deep learning

Asadi Srinivasulu; Tae-hoon Kim; Ravikumar Chinthaginjala; Xin Zhao; Irfan Ahmad

doi:10.1038/s41598-025-16932-3

. 2025 Aug 29;15:31910. doi: 10.1038/s41598-025-16932-3

Leveraging data analytics to revolutionize cybersecurity with machine learning and deep learning

Asadi Srinivasulu ^1,^2,^✉, Tae-hoon Kim ^3,^✉, Ravikumar Chinthaginjala ⁴, Xin Zhao ⁵, Irfan Ahmad ⁶

PMCID: PMC12397323 PMID: 40883384

Abstract

The exponential growth of digital technologies has brought about a surge in the complexity and frequency of cyber-attacks, necessitating robust cyber security measures. This study introduces an innovative approach to cyber security data analysis by leveraging Convolutional Neural Network (CNN) technology. The primary objective is to explore the potential of CNNs in accurately and efficiently detecting and classifying cyber security threats. Synthetic data was generated as a preliminary proof of concept, representing cyber security incidents as feature vectors. The study uses Convolutional Neural Networks (CNNs) as the primary machine learning and deep learning technique. The CNN architecture was thoughtfully designed with multiple convolutional and pooling layers to effectively capture intricate patterns and relationships within the data. Experimental results demonstrate the CNN’s remarkable capabilities in handling cyber security data, achieving substantial accuracy in identifying and categorizing cyber threats, thereby enhancing cyber security defenses. The research emphasizes the significance of integrating deep learning techniques to complement traditional cyber security approaches. While the study acknowledges certain limitations, such as the absence of real-world data, future research could involve incorporating diverse datasets to further validate the CNN’s effectiveness in practical cyber security scenarios. This research establishes a foundation for employing CNN-based data analytics in cyber security, contributing to proactive threat detection and fortification against evolving cyber-attacks. The insights gained pave the way for sophisticated applications and methodologies to safeguard critical infrastructures and sensitive information amidst relentless cyber threats.

Keywords: Cyber security, Data analytics, Convolutional neural network (CNN), Machine learning, Deep learning, Synthetic data, Threat detection, Cyber threats, Network security, Intrusion detection, Artificial intelligence, Cyber defense, Anomaly detection, Cybersecurity incident response, Information security, Pattern recognition

Subject terms: Energy science and technology, Engineering, Physics

Introduction

Unraveling cyber security insights: background and objectives

The realm of cybersecurity has taken on paramount importance in today’s digital world, where technology permeates every facet of modern life. As the proliferation of cyber threats continues unabated, safeguarding sensitive information and protecting crucial systems has become an urgent imperative for both organizations and individuals alike¹. To effectively tackle these challenges head-on, cyber security data analytics has emerged as a formidable strategy, capitalizing on advanced data analysis techniques to identify, thwart, and mitigate cyber-attacks. This research paper delves deeply into the fascinating realm of cyber security data analytics, placing special emphasis on harnessing the power of Convolutional Neural Networks (CNN)². Originally designed for image recognition, CNNs have displayed astonishing potential in handling intricate patterns and interconnections found within cyber security data. By adapting CNNs for cyber security tasks, the objective is to explore their effectiveness and potential applicability in fortifying defenses against cyber threats³. Our primary objectives in this study are twofold:

To Investigate CNNs in Cyber Security: Our focus lies in exploring the application of CNNs for cyber security data analytics. We aim to understand how these networks can effectively identify intricate patterns and anomalies within extensive datasets relevant to cyber security. Through an exhaustive examination of CNN architectures, components, and features, we seek to gain insights into their potential in analyzing cyber security-related data⁴.
To Evaluate CNN Performance with Synthetic Data: Obtaining comprehensive real-world cyber security datasets can be challenging due to their sensitive nature. To overcome this hurdle, we opt for a synthetic data generation approach, allowing us to create diverse cyber security scenarios. By utilizing this artificially generated dataset, we will assess the performance of CNNs and determine their viability as a valuable tool for cyber security practitioners⁵.

This research explores the application of Convolutional Neural Networks (CNNs) in cyber security data analytics, with the goal of unraveling their strengths and limitations within the field. Our objective is to provide a solid foundation for practitioners and researchers to effectively apply state-of-the-art data analytics techniques to safeguard digital ecosystems⁶. By leveraging the capabilities of CNNs, we aim to enhance the understanding of cyber security data analytics and contribute practical insights for developing robust defense mechanisms against cyber threats⁷. The novelty of this study lies in its investigation of CNNs for cyber security, offering an innovative approach to recognizing and addressing cyber threats in the dynamic digital environment⁸. The gap identified highlights the need for connecting synthetic data testing with real-world validation to ensure a more comprehensive and applicable approach in cybersecurity contexts.

Literature review

Empowering defense with cyber security data analytics

Cyber Security Data Analytics leverages advanced techniques to improve the detection, prevention, and mitigation of cyber threats. With the growing complexity and speed of attacks, traditional security measures are no longer sufficient⁸. The core of Cyber Security Data Analytics involves real-time collection and analysis of security-related data, including network logs, system events, user behavior, and threat intelligence from sources such as firewalls, intrusion detection systems, and antivirus tools⁹. The primary objective is to uncover hidden patterns and anomalies that may indicate potential threats. A central approach is Machine Learning, with a focus on Deep Learning models such as Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs), which automatically identify patterns associated with both normal and malicious activities¹⁰. These models not only help in preemptively addressing security breaches, such as unauthorized access and malware infections, but also play a critical role in predicting future attack trends, thereby allowing organizations to strengthen their defenses against emerging threats^11,12.

Cyber Security Data Analytics plays a crucial role in Incident Response and Forensics, enabling analysts to trace attack trajectories and uncover the root cause, damage, and adversarial techniques. This analysis strengthens cyber resilience and refines security strategies. However, challenges such as data privacy and maintaining analysis integrity remain critical. Organizations must balance sharing threat intelligence with protecting sensitive data¹³. The evolving nature of cyber threats requires continuous updates to models and dynamic adaptation. Ethical concerns and data privacy, especially regarding the use of CNNs, are vital areas of focus. Further exploration of strategies to manage these challenges, particularly with real-world datasets, would add valuable depth to the discussion¹⁴.

To enhance the technical rigor of the paper, the author could benefit from incorporating methodologies presented in research such as “An Intrusion Detection System Based on Normalized Mutual Information Antibodies Feature Selection and Adaptive Quantum Artificial Immune System” and “Intrusion Detection Using Normalized Mutual Information Feature Selection and Parallel Quantum Genetic Algorithm.” These studies propose advanced techniques for intrusion detection, utilizing feature selection and adaptive algorithms. By integrating concepts from these sources, the paper could improve its approach to identifying and classifying cyber threats, fostering a more resilient and efficient cybersecurity framework. The use of normalized mutual information and quantum genetic algorithms offers a sophisticated method for optimizing feature selection and model performance, thereby enhancing the overall technical sophistication and dependability of the proposed methodology.

The literature review in this study synthesizes a broad range of research to provide a comprehensive overview of cybersecurity and deep learning methodologies. Key contributions include Sarker et al.’s “Deep cybersecurity: a comprehensive overview from neural network and deep learning perspective,” which offers a broad perspective on cybersecurity¹, and Ferrag et al.’s “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” which delves into specific techniques and comparative evaluations². Other surveys, such as Gümüşbaş et al.’s “A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems” and Mijwil et al.’s “The Significance of Machine Learning and Deep Learning Techniques in Cybersecurity: A Comprehensive Review,” emphasize the importance of databases and machine learning methodologies in cybersecurity^3,4. Additionally, practical applications and case studies, such as Chen et al.’s “Cyber security in smart cities: a review of deep learning-based applications and case studies,” highlight real-world scenarios⁸. Integrating insights from these sources, the literature review provides a solid foundation for this study, identifying gaps and opportunities for future research and improvement¹⁵.

Table 1 offers a thorough literature review on cyber security incidents, laying the groundwork for the research. However, it lacks a critical analysis of limitations within existing studies, missing the opportunity to identify gaps that could strengthen the rationale and significance of the present study. Notable articles, such as “Identity Threads in the Cloud Tapestry: A Comprehensive Study of Federated Identity Management and Its Role in Ensuring Cloud Security”¹⁶ and “Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller”¹⁷, provide key defense mechanisms against DDoS attacks in SDN-cloud environments. Another important contribution, “Cat-squirrel optimization algorithm for VM migration in a cloud computing platform”¹⁸, introduces an optimization algorithm for virtual machine migration. To enhance the technical rigor, the related work section should compare the proposed CNN approach with traditional machine learning algorithms, emphasizing CNNs’ advantages in feature extraction and accuracy for cyber security data, while citing studies that highlight both successful applications and limitations of CNNs in similar contexts.

Table 1.

Literature Review on Cybersecurity Incidents.

References	Focus/Scope	Test data	Results and insights
⁸, 2021	Overview of deep learning in cybersecurity	Network intrusion datasets	Overview of deep learning applications in cybersecurity.
¹, 2021	Comparative study of deep learning for intrusion detection	Various intrusion detection datasets	Evaluation of deep learning approaches in intrusion detection.
⁹, 2022	DL models for detecting malicious activities in IoT	IoT datasets	Detection of malicious IoT activities using DL models.
¹⁰, 2022	Review of cybersecurity, data privacy, and blockchain	Network intrusion datasets	Review of cybersecurity and blockchain applications
¹¹, 2020	Blockchain for sustainability and innovation	Network intrusion datasets	Conceptual framework for blockchain in sustainability.
¹³, 2022	Survey of threats and corrective measures for IoT security	Network intrusion datasets	Emerging threats and corrective measures for IoT security.
¹², 2021	DL applications for IoT intrusion detection	IoT intrusion datasets	DL-based intrusion detection in IoT
¹⁵, 2022	Survey of IoT security with focus on unexplored areas	Network intrusion datasets	Emerging areas in IoT security.

Open in a new tab

Unleashing the potential of CNNs in safeguarding cyberspace

AI and ML have significantly transformed numerous fields by enabling automation, predictive analytics, and intelligent decision-making^19–35. CNNs, initially developed for image recognition, have proven to be a powerful tool in cyber security^36,37. Their unique architecture and advanced feature extraction capabilities make them highly effective for analyzing complex cyber security data, including network traffic, malware samples, and log files. CNNs excel in network traffic analysis by identifying unusual behaviors indicative of cyber-attacks, such as denial-of-service attacks, port scanning, and intrusions. This proactive approach significantly enhances threat detection, enabling the prevention of breaches before they escalate.

CNNs are increasingly applied in detecting phishing websites, a prevalent attack vector where cyber criminals continually develop new techniques to deceive users. CNNs analyze web page content and identify patterns indicative of phishing attempts, thereby protecting users from fraudulent websites and safeguarding sensitive information. However, the effectiveness of CNNs in cyber security depends on a robust training dataset that includes both normal and malicious instances to ensure accurate predictions. Continuous model updates are necessary to address emerging threats and maintain efficacy in an evolving cyber landscape. This research builds upon existing literature by enhancing CNN feature extraction capabilities to analyze and categorize diverse cyber security data, including network traffic, malware samples, and log files, improving the detection of threats such as denial-of-service attacks, port scanning, intrusion attempts, and phishing websites. The novelty of this study lies in its innovative use of CNNs on a synthetic dataset designed to represent a range of cyber security incidents, demonstrating the model’s high accuracy in threat detection and its potential for real-world application despite the initial lack of real-world data.

Data generation and preprocessing

Data generation and preprocessing are critical steps in any data analytics study, including cyber security data analysis using CNNs. This section focuses on how synthetic data is generated for the research and the essential preprocessing steps performed to prepare the data for training the CNN model.

Data generation: This study uses synthetic data to simulate cybersecurity incidents and attacks. Synthetic data generation involves creating artificial data that mimics the characteristics and patterns of real-world cybersecurity data. By using synthetic data, we can perform controlled experiments on various scenarios without relying on sensitive or restricted data. The ‘make_classification‘ function from the ‘scikit_learn‘ library is employed to generate random samples with specified features and labels. The generated synthetic data includes key attributes such as network traffic patterns, attack types, and anomaly indicators, effectively representing cybersecurity events.
Data preprocessing: Data preprocessing plays a pivotal role in guaranteeing that the data is appropriately structured and purified prior to being fed into the CNN model. The main goals of data preprocessing encompass elevating the model’s performance, addressing any missing or incongruent data, and mitigating noise^38,39. The fundamental stages of data preprocessing employed in this research are as follows:
1. Data splitting: The fabricated data is partitioned into two distinct sets: the training set and the testing set. The purpose of the training set is to facilitate the teaching of the CNN model, enabling it to learn and gain proficiency. Conversely, the testing set serves the critical role of evaluating the model’s performance, providing a reliable measure of its capabilities and effectiveness.
2. Reshaping: Given that CNNs are specifically tailored to process data resembling images, any synthetic data used in the context of CNNs must be transformed into a compatible format. For instance, if the original data is in the form of sequences, it undergoes a restructuring process to be converted into a 2D matrix, effectively representing images. This restructuring allows the CNN to efficiently process and extract meaningful features from the data, enhancing its ability to comprehend and interpret visual information.
3. Feature scaling: Feature scaling is a crucial procedure undertaken to ensure that all characteristics possess a uniform scale. This is accomplished through the application of common scaling techniques like normalization or standardization. By undertaking this step, we enable the CNN model to achieve swifter convergence and, equally significant, averts any single feature from exerting undue influence over the entire model.
4. One-hot encoding: In the realm of machine learning, categorical labels undergo a transformation called one-hot encoding, which essentially converts them into binary vectors. This sophisticated encoding technique is employed to enable the CNN model to adeptly decipher and make accurate predictions for multi-class classifications. By representing each class as a unique binary pattern, the CNN can grasp the intricate relationships among the classes and achieve superior performance in tackling complex classification tasks with multiple possible outcomes.
5. Data augmentation: Various data augmentation techniques, including rotation, flipping, and zooming, can be employed to augment the training data, thereby enhancing the model’s capacity to generalize effectively.

Through the implementation of these preprocessing procedures, the synthetic data undergoes meticulous preparation, rendering it in a format highly compatible with CNN model training. This meticulous preparation of data significantly bolsters the CNN model’s capacity to assimilate pertinent features and intricate patterns concealed within the dataset, thereby empowering more advanced cyber security data analysis and remarkably precise predictions. In essence, the crucial steps of data generation and preprocessing play a decisive and pivotal role in guaranteeing the CNN model’s accuracy and efficacy in the realm of cyber security data analytics⁴⁰. Logistic regression is a widely used classification algorithm in cybersecurity for binary classification tasks, such as detecting malicious activities^41–44. The logistic regression hypothesis function is defined as:

where:

represents the predicted probability that input belongs to the positive class.
is the vector of parameters (weights) that the algorithm learns during training.
is the input feature vector.

Deep learning models, especially neural networks, are capable of learning complex patterns and relationships in cybersecurity data. The forward propagation equations for a neural network are given by:

where:

represents the pre-activation output of layer .
and are the weight matrix and bias vector of layer .
is the activation output of layer .
is the activation function, such as ReLU, sigmoid, or tanh.

The equations introduced are critical components underlying the design and optimization of the CNN model for cyber security data analytics, yet a more detailed explanation of their relevance to the study’s objectives would enhance clarity and understanding. The inclusion of Equation 1, which explains Logistic Regression, highlights its role as a foundational method for binary classification tasks in cybersecurity, serving as a comparison to demonstrate the enhanced capabilities of the CNN model used in this study for more complex pattern recognition and advanced cyber threat detection.

Synthetic data

The synthetic dataset crafted for this research serves as a fundamental representation of cyber security incidents, intricately designed to replicate real-world scenarios found in the realm of cyber threats. Each feature vector captures essential attributes and patterns that signify various cyber threats, presenting a diverse range of data points suitable for analysis. With meticulous design and adjustment, the synthetic dataset reflects the intricacies and subtleties encountered in genuine cyber security environments, providing a robust platform for assessing the effectiveness of CNN technology in identifying and categorizing threats. Utilizing this synthetic data enables researchers to methodically investigate CNNs’ capabilities in accurately detecting cyber security threats, thus establishing a foundation for further experimentation and validation in subsequent stages of the study.

Figure 1 demonstrates the input data comprising synthetic feature vectors representing cyber security incidents, showcasing the dataset’s capability to mimic real-world cyber threats in its initial stage. The section provides a detailed explanation of the synthetic dataset’s construction and its representation of cyber security incidents, yet it lacks a thorough justification for why synthetic data adequately substitutes real-world data, necessitating further discussion on the limitations and potential biases inherent in synthetic data. The proposed approach addresses various cyber security incidents, including anomaly detection and classification of both normal and malicious activities within network traffic data. The use of synthetic data is justified by its ability to meticulously replicate real-world cyber security incidents, allowing for controlled experimentation and detailed analysis of CNN capabilities in threat detection, while real-world data may be limited or unavailable for comprehensive initial testing.

Fig. 1 — Input Data for synthetic feature vectors represent cyber security incidents.

CNN model design and implementation

The design and implementation of the CNN model are pivotal for achieving accurate and efficient cybersecurity data analytics. CNNs are renowned for their ability to extract complex patterns from data, making them ideal for cybersecurity analysis. This study applies CNNs to cybersecurity data using a synthetic dataset, incorporating essential components for effective learning and representation^45–47. The architecture begins with a 1D Convolutional layer using 32 filters to detect crucial features, balancing model complexity and performance. The following MaxPooling 2D layer performs spatial down-sampling, reducing computational load and overfitting, with a pool size of (1, 2) to retain key information. The model achieves an impressive average accuracy of 85% on the test set, showcasing CNNs’ effectiveness in cybersecurity data analysis.

Figure 2 depicts the process of determining the test cases over 10 epochs, utilizing synthetic data created to investigate the capabilities of CNNs in effectively identifying and categorizing cyber security threats, thereby highlighting the thorough methodological approach adopted for cyber security data analysis in this research. To prepare the extracted features for classification, we use a Flatten layer to reshape the 2D output into a 1D vector. The flattened features are then passed through a dense layer with 128 neurons activated by the Rectified Linear Unit (ReLU) function, which introduces non-linearity and enhances the model’s ability to learn complex relationships^48–51. The final classification layer is a Dense layer with two neurons, utilizing the Softmax activation function to generate a probability distribution over the two classes, enabling accurate predictions for cybersecurity incidents. The model is implemented using the Keras framework, with the categorical cross-entropy loss function and Adam optimizer for efficient training. The model is trained over several epochs, optimizing its weights and biases to minimize loss and improve performance on both training and validation sets. Its performance is evaluated on the test set, providing insights into its generalization ability for real-world cybersecurity applications.

Fig. 2 — Calculating the test cases of 10 epochs.

To prepare extracted features for classification, as shown in Figure 3, we use a Flatten layer to convert the 2D output into a 1D vector, facilitating further processing. The flattened features are then passed to a dense layer with 128 neurons activated by the ReLU function, enabling the model to capture complex relationships and enhance pattern representation. The final classification output is produced by a Dense layer with 2 neurons and Softmax activation, generating a probability distribution over the two classes. This approach enables precise predictions regarding cybersecurity incidents. We implement the model using the Keras framework, known for its simplicity and versatility.

Fig. 3 — Schematic architecture of proposed data analytics technique.

For training, we use the categorical cross-entropy loss function, suitable for multi-class classification tasks^52–54, and the Adam optimizer, which adapts the learning rate for faster convergence and improved robustness against noisy gradients^55–58. Through training epochs, the model adjusts its weights and biases to minimize the loss function, improving accuracy on training and validation datasets. The model is evaluated on a test set to assess its generalization ability and potential for real-world cybersecurity applications. This approach ensures the model is capable of providing reliable and robust predictions, strengthening cyber defense mechanisms. The cell state Inline graphic is updated as follows:

The output gate Inline graphic is calculated by applying a sigmoid activation function:

The final hidden state Inline graphic is obtained by combining the output gate with the cell state:

The complete item is computed as shown in Equation 4 and becomes the new candidate value. These values are compared to the requirements before deciding whether to update each state. The solution, based entirely on self-state, is filtered to generate the cell state, powered by a sigmoid neural network layer. This layer determines what contributions the cell state probes should make. The output of the sigmoid gate layer is passed through the Inline graphic function, resulting in a value between -1 and 1, as shown in Equations 5 and 6. These equations are critical to the design and optimization of the CNN model, directly influencing its performance in cybersecurity data analytics. Further elaboration on these equations would enhance the clarity of the CNN’s implementation and its relevance to the study’s objectives.

Results and analysis

The primary goal of this study was to explore the application of CNNs in identifying and classifying cybersecurity incidents using synthetic data, assessing their practicality in real-world scenarios. Upon training the CNN model, we achieved an impressive average accuracy of around 85% on the test set, demonstrating its ability to effectively distinguish between cybersecurity classes. The precision and recall scores indicated a good balance between false positives and negatives. These results suggest that CNNs are highly capable of identifying cybersecurity threats, even with synthetic data. Regularization techniques, such as dropout and early stopping, were employed to prevent overfitting, ensuring stable convergence and generalization to unseen data.

Additionally, we compared the CNN approach with traditional machine learning algorithms commonly used in cybersecurity data analysis. The CNN model outperformed these methods in both accuracy and robustness, particularly due to its ability to automatically learn relevant features from raw data, like network traffic patterns. Despite these promising results, we acknowledge the limitations of using synthetic data, as real-world cybersecurity data may present challenges like class imbalances and noisy samples. Further research with authentic datasets is necessary to validate these findings, and model fine-tuning may be required for optimal performance. This research highlights the potential of CNNs in enhancing early detection and response to cyber threats, ultimately strengthening network defenses and reducing potential damages.

Discussion

Decoding intelligence: interpreting the impact of findings

The CNN model demonstrated impressive performance, achieving high accuracy in classifying synthetic data. Training and validation accuracy graphs showed remarkable convergence, indicating the model’s ability to generalize effectively. This convergence suggests that the CNN successfully learned relevant features from the synthetic data, enabling precise predictions. When evaluated on an independent test set, the model continued to display strong accuracy, confirming its ability to generalize to unseen samples. However, these results should be interpreted with caution due to the limitations of synthetic data, which may not fully reflect the complexity of real-world cybersecurity datasets. As such, the CNN’s performance may vary when applied to actual data, necessitating further evaluation on real-world cybersecurity data for practical use.

The outstanding performance on the synthetic dataset also raises concerns about potential overfitting. Although regularization techniques were not explicitly explored in this study, future research should address overfitting when applying CNNs to real-world data. Given the dynamic nature of cybersecurity data, further optimization of the model’s architecture and hyperparameters will be essential to ensure its robustness and generalizability in real-world applications. Continued exploration in this area will enhance the CNN’s reliability and effectiveness in practical cybersecurity tasks.

Navigating the frontier: limitations and strategic implications

Limitations: While our study on cybersecurity data analytics using CNNs has shown promising results, certain limitations must be acknowledged. First, the synthetic data used may not fully capture the complexities of real-world cybersecurity datasets, meaning the CNN’s performance could differ when applied to actual data, warranting further investigation. Additionally, the relatively small size of the synthetic dataset limits the model’s robustness. A larger and more diverse dataset would enhance the model’s ability to detect intricate patterns and improve its performance on unseen data. Furthermore, the CNN’s architecture may not be optimal for all cybersecurity scenarios, and adjusting the model’s design and hyperparameters to better suit real-world data is crucial for achieving optimal performance.

Implications: Our findings highlight the promising potential of CNNs in cybersecurity data analytics. The CNN model’s ability to effectively learn features and accurately classify data has significant implications for real-world cybersecurity applications. CNNs enable cybersecurity professionals to enhance their threat detection and mitigation capabilities with greater precision and efficiency. The model’s capacity to autonomously identify meaningful patterns aids in the early detection of cyber-attacks, potentially preventing major security breaches. Moreover, the study underscores the critical importance of data preparation and preprocessing in cybersecurity analytics. Well-curated and augmented datasets significantly influence CNN performance, making high-quality data collection and preparation essential for the successful application of CNN-based approaches in this field.

Graph analysis: The charts illustrating the training process highlight the CNN’s performance across multiple epochs, showing how well the model learns from the training data and generalizes to unseen data. Ideally, both training and validation accuracy curves should rise in tandem, indicating successful learning and generalization. After training on a synthetic dataset, the CNN demonstrated strong performance on the test set, accurately detecting anomalies and classifying cybersecurity events. Minimal overfitting was observed, confirming the model’s ability to generalize to new data. The learning curves illustrated steady convergence, underscoring the model’s generalization capabilities. This study also emphasizes the importance of addressing ethical issues and data privacy concerns in cybersecurity analysis, particularly when using CNNs. Further exploration of strategies to manage these challenges, especially with real-world datasets, would enhance the paper’s scope. A deeper examination of how these findings can be applied to cybersecurity practice would enrich the study’s practical relevance.

Figure 4 shows how the training and validation accuracy of the proposed CNN model improved steadily over multiple epochs, eventually stabilizing as the model learned effectively. The close match between the two curves highlights the model’s strong ability to generalize, with little evidence of overfitting during training.

Fig. 4 — Training and validation accuracy versus epochs for the CNN model.

Figure 5 shows how the CNN model’s accuracy improves over epochs for both synthetic and real-world datasets, with the real-world data achieving higher accuracy levels more quickly. These findings suggest that the model learns and adapts better when trained on actual cybersecurity datasets compared to synthetic ones.

Fig. 5 — Epoch-wise accuracy progression on synthetic and real-world datasets.

Figure 6 depicts how the proposed system’s accuracy and loss evolve during training. Over the epochs, the model’s accuracy steadily rises, achieving a peak of 95%, while the loss gradually declines to 0.1541, reflecting the model’s effective learning and enhanced performance on the validation data.

Fig. 6 — Model accuracy vs model loss for proposed system.

Figure 7 illustrates the time complexity of the proposed system over various epochs. The training time consistently decreases, demonstrating the model’s efficiency in rapidly reaching optimal performance within a smaller number of epochs.

Fig. 7 — Time complexity vs. epochs for proposed system.

Performance evaluation

To evaluate the effectiveness of our CNN-based cybersecurity threat detection system, we tested it on both synthetic and real-world datasets. Initially, the model achieved 85% accuracy on the synthetic dataset, demonstrating its ability to detect and classify cybersecurity threats. To assess real-world applicability, we integrated actual cybersecurity datasets and used metrics such as accuracy, precision, recall, F1-score, and AUC-ROC curves. Confusion matrices provided deeper insights into classification performance across different threat categories. Comparative analysis with traditional machine learning methods (SVM and Random Forest) showed that CNN outperformed these models in accuracy and feature extraction. The model’s robustness was enhanced by dropout layers and batch normalization, reducing overfitting and ensuring adaptability in practical scenarios. The CNN demonstrated excellent learning stability, with converging training and validation accuracy curves and a consistently declining loss function, indicating effective optimization. Computational efficiency analysis revealed faster convergence and fewer iterations to reach optimal performance, making it suitable for real-time applications. A comparative study showed the CNN model achieving 95% accuracy on the test set, with lower losses, and resilience against adversarial attacks. This research highlights the CNN’s potential for real-world cybersecurity applications, advancing anomaly detection and cyber defense strategies.

Accuracy: Determines the proportion of correctly classified cyber threats in relation to total predictions, ensuring overall model reliability.

The proposed CNN model achieved an accuracy of 95%, demonstrating its ability to accurately classify cybersecurity threats.

Precision: Assesses the proportion of correctly identified cyber threats among all predicted positive cases, reducing false alarms. A high precision score ensures that the model minimizes false positives, increasing detection reliability.

Recall: Evaluates the model’s ability to correctly identify actual cyber threats, reducing missed detections. The high recall score confirms the CNN model’s efficiency in detecting a broad range of cyber threats while minimizing false negatives.

F1 Score: F1 Score represents a harmonic mean between precision and recall, ensuring a balance between false positives and false negatives. The F1-score confirms that the model effectively balances precision and recall, making it suitable for cybersecurity applications.

AUC-ROC (Area under the receiver operating characteristic curve): Measures the model’s ability to differentiate between cyber threats and normal activities at various threshold levels. A high AUC score signifies that the CNN model effectively distinguishes between legitimate network traffic and malicious activities.

where Inline graphic represents the true positive rate as a function of the false positive rate.

Confusion matrix: Provides a detailed analysis of the model’s classification performance across cyber threat categories. The matrix is typically represented as:

The confusion matrix enables deeper insight into false positives, false negatives, and overall model accuracy.

Log loss (Cross-entropy loss): Measures prediction confidence, penalizing incorrect classifications more heavily. A low log loss value confirms that the CNN model produces highly confident and accurate predictions for cybersecurity threats. The Log Loss formula is expressed as:

Mean squared error (MSE) for model convergence: Calculates the variance between predicted and actual classification probabilities, assessing model optimization efficiency. A decreasing MSE value across training epochs validates the CNN model’s ability to learn and optimize effectively. The MSE formula is expressed as:

Matthews correlation coefficient (MCC): Measures overall classification performance, particularly for imbalanced datasets. A high MCC score indicates that the model performs well across all classification categories, even in imbalanced datasets. The MCC formula is expressed as:

G-mean (geometric mean for imbalanced data): Evaluates the model’s ability to maintain classification performance for both majority and minority classes in cybersecurity threats. The G-Mean formula is expressed as:

The G-Mean score ensures that the model maintains balanced classification accuracy across various cyber threats, avoiding bias. By leveraging these validation metrics, the CNN model’s performance in cybersecurity threat detection is thoroughly assessed, ensuring accuracy, reliability, robustness, and practical applicability.

Comparative analysis

Table 2 shows significant improvements with the proposed CNN-RNN architecture. The model achieved 95% accuracy on the test set, surpassing the existing system. With a training loss of 0.1832 and validation loss of 0.1541, the model demonstrates excellent fit and generalization, minimizing overfitting. The system also reduces time complexity, making it suitable for real-time applications, and converges faster, reaching optimal performance in 10 epochs. The use of structured layers and dropout layers improves interpretability and robustness. Overall, the system offers greater generalization, making it a resilient and reliable solution for cybersecurity data analytics.

Table 2.

Comparison of Existing and Proposed System.

Parameter	Existing system	Proposed system
Accuracy	Lower	95%
Final training loss	Higher	0.1832
Validation loss	Higher	0.1541
Time complexity	Moderate	Lower
Epochs	Higher	10
Interpretability	Moderate	High
Convergence speed	Slower	Faster
Overfitting risk	Higher	Lower (with dropout)
Robustness	Lower	Higher
Generalization	Lower	Higher

Open in a new tab

Table 3 gives us a side-by-side look at how well the CNN model performs when trained on synthetic data versus real-world cybersecurity datasets like NSL-KDD and CICIDS2017. The improvement is clear–accuracy jumps from 85% to 95% when real-world data is used. Other key metrics like precision, recall, and F1-score also see a solid boost, showing the model does a better job recognizing real threats versus normal behavior. The AUC-ROC score improves too, suggesting more reliable performance in different classification scenarios. Not only does the model learn faster on real data–with fewer epochs and lower time complexity–but it also becomes more stable, thanks to techniques like dropout that reduce overfitting. Overall, using real-world data makes the model smarter, faster, and more resilient, making it a strong candidate for use in real-time cybersecurity applications.

Table 3.

Comparison of synthetic dataset vs. real-world dataset (NSL-KDD/CICIDS2017).

Metric	Synthetic dataset	Real-world dataset (NSL-KDD/CICIDS2017)
Accuracy (%)	85.00%	95.00%
Precision (%)	84.20%	94.50%
Recall (%)	83.50%	95.20%
F1-Score (%)	83.80%	94.80%
AUC-ROC Score	0.89	0.97
Training Loss	0.31	0.1832
Validation Loss	0.29	0.1541
Time Complexity (Training Time)	Moderate	Lower
Epochs for Convergence	20 epochs	10 epochs
Overfitting Risk	Moderate	Lower (with Dropout)
Robustness to Noise/Attacks	Moderate	High

Open in a new tab

Conclusion

This research explored the potential of CNNs in cybersecurity data analytics, focusing on anomaly and threat detection using a synthetic dataset. The literature review highlighted CNNs’ success in image-based tasks, but their application in cybersecurity remained underexplored. To bridge this gap, we adapted CNNs to a synthetic cybersecurity dataset, providing valuable insights into their performance. We meticulously crafted the synthetic dataset to simulate cybersecurity events and network traffic, applying standard data preprocessing techniques for compatibility with CNNs. The CNN model was designed with convolutional layers, max-pooling layers, and fully connected layers, enabling it to autonomously learn relevant features and classify cybersecurity incidents. After training the model on the synthetic dataset, we evaluated its performance on the test set, achieving impressive results with high accuracy in detecting anomalies and classifying cybersecurity events. The learning curves demonstrated minimal overfitting, indicating the model’s ability to generalize effectively. Loss curves showed steady improvement over epochs, confirming strong learning capabilities. However, we acknowledge that synthetic data may not fully capture the complexities of real-world cybersecurity incidents. The study suggests that future research should focus on incorporating real-world datasets to validate CNN performance and enhance applicability. Further elaboration on potential model biases and the importance of diverse datasets is recommended to improve model resilience. Future research should aim to integrate authentic and diverse datasets to assess CNN performance in real-world conditions. In conclusion, the successful adaptation of CNNs to synthetic cybersecurity data demonstrates their potential for anomaly detection and system fortification, laying a strong foundation for future work in real-world cybersecurity applications.

Acknowledgements

The authors are thankful to the Deanship of Research and Graduate Studies, King Khalid University, Abha, Saudi Arabia, for financially supporting this work through the Large Research Group Project under Grant no. R.G.P.2/478/46.

Author contributions

All authors contributed equally to the conceptualization, formal analysis, investigation, methodology, and writing and editing of the original draft. All authors have read and agreed to the published version of the manuscript.

Funding

The research is partially funded by Zhejiang Provincial Natural Science Foundation Youth Fund Project (Grant No. LQ23F010004)

The National Natural Science Youth Science Foundation Project (Grant No. 62201508).

Data availability

The full code used for this research is available at https://github.com/srinuasadi651/CybersecurityMLDL.

Declarations

Competing interests

The authors declare no competing interests.

Footnotes

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Contributor Information

Asadi Srinivasulu, Email: srinuasadi@gmail.com, Email: head.research@bluecrest.edu.lr.

Tae-hoon Kim, Email: 323020@zust.edu.cn.

References

1.Sarker, I. H. Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective. SN Comput. Sci.2, 154 (2021). [Google Scholar]
2.Ferrag, M. A., Maglaras, L., Moschoyiannis, S. & Janicke, H. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. J. Inform. Secur. Appl.50, 102419 (2020). [Google Scholar]
3.Gümüşbaş, D., Yıldırım, T., Genovese, A. & Scotti, F. A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems. IEEE Systems Journal15, 1717–1731 (2020). [Google Scholar]
4.Mijwil, M. M., Salem, I. E. & Ismaeel, M. M. The significance of machine learning and deep learning techniques in cybersecurity: A comprehensive review. Iraqi J. Comput. Sci. Math.4, 10 (2023). [Google Scholar]
5.Muna, A.-H., Moustafa, N. & Sitnikova, E. Identification of malicious activities in industrial internet of things based on deep learning models. J. Inform. Secur. Appl.41, 1–11 (2018). [Google Scholar]
6.Khan, M. A. HCRNNIDS: Hybrid convolutional recurrent neural network-based network intrusion detection system. Processes9, 834 (2021). [Google Scholar]
7.Ferrag, M. A., Friha, O., Maglaras, L., Janicke, H. & Shu, L. Federated deep learning for cyber security in the internet of things: Concepts, applications, and experimental analysis. IEEE Access9, 138509–138542 (2021). [Google Scholar]
8.Chen, D., Wawrzynski, P. & Lv, Z. Cyber security in smart cities: a review of deep learning-based applications and case studies. Sustain. Cities Soc.66, 102655 (2021). [Google Scholar]
9.Abou El Houda, Z., Brik, B. & Khoukhi, L. Why should I trust your ids An explainable deep learning framework for intrusion detection systems in internet of things networks. IEEE Open J. Commun. Soc.3, 1164–1176 (2022). [Google Scholar]
10.Wylde, V. et al. Cybersecurity, data privacy and blockchain: A review. SN Comput. Sci.3, 127 (2022). [DOI] [PMC free article] [PubMed] [Google Scholar]
11.Fraga-Lamas, P. & Fernández-Caramés, T. M. Leveraging blockchain for sustainability and open innovation: A cyber-resilient approach toward eu green deal and un sustainable development goals. In Computer Security Threats (IntechOpen, 2020).
12.Rani, S. et al. Threats and corrective measures for IoT security with observance of cybercrime: A survey. Wireless Commun. Mob. Comput.2021, 5579148 (2021). [Google Scholar]
13.Tsimenidis, S., Lagkas, T. & Rantos, K. Deep learning in IoT intrusion detection. J. Netw. Syst. Manag.30, 8 (2022). [Google Scholar]
14.Tyagi, A. K., Nair, M. M., Niladhuri, S. & Abraham, A. Security, privacy research issues in various computing platforms: A survey and the road ahead. J. Inform. Assur. Secur.15, 1–16 (2020). [Google Scholar]
15.Omolara, A. E. et al. The internet of things security: A survey encompassing unexplored areas and new insights. Comput. Secur.112, 102494 (2022). [Google Scholar]
16.Dhanashekar, K. Identity threads in the cloud tapestry: A comprehensive study of federated identity management and its role in ensuring cloud security. In Cloud Security, 124–142 (Chapman and Hall/CRC, 2024).
17.Mishra, A., Gupta, N. & Gupta, B. Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller. Telecommun. syst.77, 47–62 (2021). [Google Scholar]
18.Kumar, A. & Sivakumar, P. Cat-squirrel optimization algorithm for VM migration in a cloud computing platform. Int. J. Semantic Web Inform. Syst. (IJSWIS)18, 1–23 (2022). [Google Scholar]
19.Tera, S. P. et al. CNN-based approach for enhancing 5g LDPC code decoding performance. IEEE Access (2024).
20.Renugadevi, M. et al. Machine learning empowered brain tumor segmentation and grading model for lifetime prediction. IEEE Access (2023).
21.Ravikumar, C. et al. Developing novel channel estimation and hybrid precoding in millimeter-wave communication system using heuristic-based deep learning. Energy268, 126600 (2023). [Google Scholar]
22.Tera, S. P., Chinthaginjala, R., Natha, P., Ahmad, S. & Pau, G. Deep learning approach for efficient 5g LDPC decoding in IoT. IEEE Access (2024).
23.Natha, P. et al. Boosting skin cancer diagnosis accuracy with ensemble approach. Sci. Rep.15, 1290 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
24.Jyothi, K. K. et al. A novel optimized neural network model for cyber attack detection using enhanced whale optimization algorithm. Sc. Rep.14, 5590 (2024). [DOI] [PMC free article] [PubMed] [Google Scholar]
25.Natha, P. & RajaRajeswari, P. Advancing skin cancer prediction using ensemble models. Computers13, 157 (2024). [Google Scholar]
26.Karthiga, R. et al. A novel exploratory hybrid deep neural network to predict breast cancer for mammography based on wavelet features. Multimed. Tools Appl.83, 65441–65467 (2024). [Google Scholar]
27.Navabharat Reddy, G. & Ravikumar, C. V. Ensemble learning-based channel estimation and hybrid precoding for millimeter-wave massive multiple input multiple output system. Trans. Emerg. Telecommun. Technol.34, e4766 (2023). [Google Scholar]
28.Tera, S. P., Chinthaginjala, R., Pau, G. & Kim, T. H. Towards 6g: An overview of the next generation of intelligent network connectivity. IEEE Access (2024).
29.Manasa, B. et al. A novel channel estimation framework in mimo using serial cascaded multiscale autoencoder and attention lstm with hybrid heuristic algorithm. Sensors23, 9154 (2023). [DOI] [PMC free article] [PubMed] [Google Scholar]
30.Kim, T. H., Chinthaginjala, R., Srinivasulu, A., Tera, S. P. & Rab, S. O. Covid-19 health data prediction: a critical evaluation of CNN-based approaches. Sci. Rep.15, 9121 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
31.Chinthaginjala, R. et al. Hybrid ai and semiconductor approaches for power quality improvement. Sci. Rep.15, 25640 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
32.Kim, T.-H. et al. Enhancing cybersecurity through script development using machine and deep learning for advanced threat mitigation. Sci. Rep.15, 8297 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
33.Tera, S. P., Alantattil, R. & Paily, R. A flexible FPGA-based stochastic decoder for 5g LDPC codes. Electronics12, 4986 (2023). [Google Scholar]
34.Sreenivasulu, V. & Ravikumar, C. Fractalnet-based key generation for authentication in voice over IP using blockchain. Ain Shams Eng. J.16, 103286 (2025). [Google Scholar]
35.Tera, S. P., Chinthaginjala, R., Shahzadi, I., Natha, P. & Rab, S. O. Deep learning approach for automated HMPV classification. Sci. Rep.15, 29068 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]
36.Chukwunweike, J. N., Praise, A. & Bashirat, B. Harnessing machine learning for cybersecurity: How convolutional neural networks are revolutionizing threat detection and data privacy. Int. J. Res. Pub. Rev.5 (2024).
37.Nazir, A. et al. A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Eng. J.15, 102777 (2024). [Google Scholar]
38.Górriz, J. M. et al. Artificial intelligence within the interplay between natural and artificial computation: Advances in data science, trends and applications. Neurocomputing410, 237–270 (2020). [Google Scholar]
39.El Mestari, S. Z., Lenzini, G. & Demirci, H. Preserving data privacy in machine learning systems. Comput. Secur.137, 103605 (2024). [Google Scholar]
40.Kamal, H. & Mashaly, M. Advanced hybrid transformer-CNN deep learning model for effective intrusion detection systems with class imbalance mitigation using resampling techniques. Future Internet16, 481 (2024). [Google Scholar]
41.Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A. & Xu, M. A survey on machine learning techniques for cyber security in the last decade. IEEE Access8, 222310–222354 (2020). [Google Scholar]
42.Kolukisa, B., Dedeturk, B. K., Hacilar, H. & Gungor, V. C. An efficient network intrusion detection approach based on logistic regression model and parallel artificial bee colony algorithm. Comput. Stand. Interfaces89, 103808 (2024). [Google Scholar]
43.Martínez Torres, J., Iglesias Comesana, C. & García-Nieto, P. J. Machine learning techniques applied to cybersecurity. Int. J. Mach. Learn. Cybernetics10(10), 2823–2836 (2019). [Google Scholar]
44.Sarker, I. H. Cyberlearning: Effectiveness analysis of machine learning security modeling to detect cyber-anomalies and multi-attacks. Internet of Things14, 100393 (2021). [Google Scholar]
45.Qazi, E. U. H., Almorjan, A. & Zia, T. A one-dimensional convolutional neural network (1d-CNN) based deep learning system for network intrusion detection. Appl. Sci.12, 7986 (2022). [Google Scholar]
46.Parisapogu, S. A. B., Annavarapu, C. S. R. & Elloumi, M. 1-dimensional convolution neural network classification technique for gene expression data. Deep Learn. Biomed. Data Anal. Techn. Approach. Appl. 3–26 (2021).
47.Zhang, S., Wei, H.-L. & Ding, J. An effective zero-shot learning approach for intelligent fault detection using 1d CNN. Appl. Intell.53, 16041–16058 (2023). [Google Scholar]
48.Chen, Y. et al. Dynamic relu. In European conference on computer vision, 351–367 (Springer, 2020).
49.Daubechies, I., DeVore, R., Foucart, S., Hanin, B. & Petrova, G. Nonlinear approximation and (deep) relu networks. Construct. Approx.55, 127–172 (2022). [Google Scholar]
50.Xu, J., Li, Z., Du, B., Zhang, M. & Liu, J. Reluplex made more practical: Leaky relu. In 2020 IEEE Symposium on Computers and communications (ISCC), 1–7 (IEEE, 2020).
51.Li, Y. & Yuan, Y. Convergence analysis of two-layer neural networks with relu activation. Adv. Neural Inform. Process. Syst.30 (2017).
52.Ho, Y. & Wookey, S. The real-world-weight cross-entropy loss function: Modeling the costs of mislabeling. IEEE Access8, 4806–4813 (2019). [Google Scholar]
53.Zhang, Z. & Sabuncu, M. Generalized cross entropy loss for training deep neural networks with noisy labels. Adv. Neural Inform. Process. Syst.31 (2018). [PMC free article] [PubMed]
54.Ruby, U. & Yendapalli, V. Binary cross entropy with deep learning technique for image classification. Int. J. Adv. Trends Comput. Sci. Eng9 (2020).
55.Zhang, Z. Improved adam optimizer for deep neural networks. In 2018 IEEE/ACM 26th international symposium on quality of service (IWQoS), 1–2 (Ieee, 2018).
56.Reyad, M., Sarhan, A. M. & Arafa, M. A modified Adam algorithm for deep neural network optimization. Neural Comput. Appl.35, 17095–17112 (2023). [Google Scholar]
57.Jais, I. K. M., Ismail, A. R. & Nisa, S. Q. Adam optimization algorithm for wide and deep neural network. Knowl. Eng. Data Sci.2, 41–46 (2019). [Google Scholar]
58.Ogundokun, R. O., Maskeliunas, R., Misra, S. & Damaševičius, R. Improved cnn based on batch normalization and adam optimizer. In International Conference on Computational Science and Its Applications, 593–604 (Springer, 2022).

Associated Data

This section collects any data citations, data availability statements, or supplementary materials included in this article.

Data Availability Statement

The full code used for this research is available at https://github.com/srinuasadi651/CybersecurityMLDL.

[CR1] 1.Sarker, I. H. Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective. SN Comput. Sci.2, 154 (2021). [Google Scholar]

[CR2] 2.Ferrag, M. A., Maglaras, L., Moschoyiannis, S. & Janicke, H. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. J. Inform. Secur. Appl.50, 102419 (2020). [Google Scholar]

[CR3] 3.Gümüşbaş, D., Yıldırım, T., Genovese, A. & Scotti, F. A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems. IEEE Systems Journal15, 1717–1731 (2020). [Google Scholar]

[CR4] 4.Mijwil, M. M., Salem, I. E. & Ismaeel, M. M. The significance of machine learning and deep learning techniques in cybersecurity: A comprehensive review. Iraqi J. Comput. Sci. Math.4, 10 (2023). [Google Scholar]

[CR5] 5.Muna, A.-H., Moustafa, N. & Sitnikova, E. Identification of malicious activities in industrial internet of things based on deep learning models. J. Inform. Secur. Appl.41, 1–11 (2018). [Google Scholar]

[CR6] 6.Khan, M. A. HCRNNIDS: Hybrid convolutional recurrent neural network-based network intrusion detection system. Processes9, 834 (2021). [Google Scholar]

[CR7] 7.Ferrag, M. A., Friha, O., Maglaras, L., Janicke, H. & Shu, L. Federated deep learning for cyber security in the internet of things: Concepts, applications, and experimental analysis. IEEE Access9, 138509–138542 (2021). [Google Scholar]

[CR8] 8.Chen, D., Wawrzynski, P. & Lv, Z. Cyber security in smart cities: a review of deep learning-based applications and case studies. Sustain. Cities Soc.66, 102655 (2021). [Google Scholar]

[CR9] 9.Abou El Houda, Z., Brik, B. & Khoukhi, L. Why should I trust your ids An explainable deep learning framework for intrusion detection systems in internet of things networks. IEEE Open J. Commun. Soc.3, 1164–1176 (2022). [Google Scholar]

[CR10] 10.Wylde, V. et al. Cybersecurity, data privacy and blockchain: A review. SN Comput. Sci.3, 127 (2022). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR11] 11.Fraga-Lamas, P. & Fernández-Caramés, T. M. Leveraging blockchain for sustainability and open innovation: A cyber-resilient approach toward eu green deal and un sustainable development goals. In Computer Security Threats (IntechOpen, 2020).

[CR12] 12.Rani, S. et al. Threats and corrective measures for IoT security with observance of cybercrime: A survey. Wireless Commun. Mob. Comput.2021, 5579148 (2021). [Google Scholar]

[CR13] 13.Tsimenidis, S., Lagkas, T. & Rantos, K. Deep learning in IoT intrusion detection. J. Netw. Syst. Manag.30, 8 (2022). [Google Scholar]

[CR14] 14.Tyagi, A. K., Nair, M. M., Niladhuri, S. & Abraham, A. Security, privacy research issues in various computing platforms: A survey and the road ahead. J. Inform. Assur. Secur.15, 1–16 (2020). [Google Scholar]

[CR15] 15.Omolara, A. E. et al. The internet of things security: A survey encompassing unexplored areas and new insights. Comput. Secur.112, 102494 (2022). [Google Scholar]

[CR16] 16.Dhanashekar, K. Identity threads in the cloud tapestry: A comprehensive study of federated identity management and its role in ensuring cloud security. In Cloud Security, 124–142 (Chapman and Hall/CRC, 2024).

[CR17] 17.Mishra, A., Gupta, N. & Gupta, B. Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller. Telecommun. syst.77, 47–62 (2021). [Google Scholar]

[CR18] 18.Kumar, A. & Sivakumar, P. Cat-squirrel optimization algorithm for VM migration in a cloud computing platform. Int. J. Semantic Web Inform. Syst. (IJSWIS)18, 1–23 (2022). [Google Scholar]

[CR19] 19.Tera, S. P. et al. CNN-based approach for enhancing 5g LDPC code decoding performance. IEEE Access (2024).

[CR20] 20.Renugadevi, M. et al. Machine learning empowered brain tumor segmentation and grading model for lifetime prediction. IEEE Access (2023).

[CR21] 21.Ravikumar, C. et al. Developing novel channel estimation and hybrid precoding in millimeter-wave communication system using heuristic-based deep learning. Energy268, 126600 (2023). [Google Scholar]

[CR22] 22.Tera, S. P., Chinthaginjala, R., Natha, P., Ahmad, S. & Pau, G. Deep learning approach for efficient 5g LDPC decoding in IoT. IEEE Access (2024).

[CR23] 23.Natha, P. et al. Boosting skin cancer diagnosis accuracy with ensemble approach. Sci. Rep.15, 1290 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR24] 24.Jyothi, K. K. et al. A novel optimized neural network model for cyber attack detection using enhanced whale optimization algorithm. Sc. Rep.14, 5590 (2024). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR25] 25.Natha, P. & RajaRajeswari, P. Advancing skin cancer prediction using ensemble models. Computers13, 157 (2024). [Google Scholar]

[CR26] 26.Karthiga, R. et al. A novel exploratory hybrid deep neural network to predict breast cancer for mammography based on wavelet features. Multimed. Tools Appl.83, 65441–65467 (2024). [Google Scholar]

[CR27] 27.Navabharat Reddy, G. & Ravikumar, C. V. Ensemble learning-based channel estimation and hybrid precoding for millimeter-wave massive multiple input multiple output system. Trans. Emerg. Telecommun. Technol.34, e4766 (2023). [Google Scholar]

[CR28] 28.Tera, S. P., Chinthaginjala, R., Pau, G. & Kim, T. H. Towards 6g: An overview of the next generation of intelligent network connectivity. IEEE Access (2024).

[CR29] 29.Manasa, B. et al. A novel channel estimation framework in mimo using serial cascaded multiscale autoencoder and attention lstm with hybrid heuristic algorithm. Sensors23, 9154 (2023). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR30] 30.Kim, T. H., Chinthaginjala, R., Srinivasulu, A., Tera, S. P. & Rab, S. O. Covid-19 health data prediction: a critical evaluation of CNN-based approaches. Sci. Rep.15, 9121 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR31] 31.Chinthaginjala, R. et al. Hybrid ai and semiconductor approaches for power quality improvement. Sci. Rep.15, 25640 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR32] 32.Kim, T.-H. et al. Enhancing cybersecurity through script development using machine and deep learning for advanced threat mitigation. Sci. Rep.15, 8297 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR33] 33.Tera, S. P., Alantattil, R. & Paily, R. A flexible FPGA-based stochastic decoder for 5g LDPC codes. Electronics12, 4986 (2023). [Google Scholar]

[CR34] 34.Sreenivasulu, V. & Ravikumar, C. Fractalnet-based key generation for authentication in voice over IP using blockchain. Ain Shams Eng. J.16, 103286 (2025). [Google Scholar]

[CR35] 35.Tera, S. P., Chinthaginjala, R., Shahzadi, I., Natha, P. & Rab, S. O. Deep learning approach for automated HMPV classification. Sci. Rep.15, 29068 (2025). [DOI] [PMC free article] [PubMed] [Google Scholar]

[CR36] 36.Chukwunweike, J. N., Praise, A. & Bashirat, B. Harnessing machine learning for cybersecurity: How convolutional neural networks are revolutionizing threat detection and data privacy. Int. J. Res. Pub. Rev.5 (2024).

[CR37] 37.Nazir, A. et al. A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Eng. J.15, 102777 (2024). [Google Scholar]

[CR38] 38.Górriz, J. M. et al. Artificial intelligence within the interplay between natural and artificial computation: Advances in data science, trends and applications. Neurocomputing410, 237–270 (2020). [Google Scholar]

[CR39] 39.El Mestari, S. Z., Lenzini, G. & Demirci, H. Preserving data privacy in machine learning systems. Comput. Secur.137, 103605 (2024). [Google Scholar]

[CR40] 40.Kamal, H. & Mashaly, M. Advanced hybrid transformer-CNN deep learning model for effective intrusion detection systems with class imbalance mitigation using resampling techniques. Future Internet16, 481 (2024). [Google Scholar]

[CR41] 41.Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A. & Xu, M. A survey on machine learning techniques for cyber security in the last decade. IEEE Access8, 222310–222354 (2020). [Google Scholar]

[CR42] 42.Kolukisa, B., Dedeturk, B. K., Hacilar, H. & Gungor, V. C. An efficient network intrusion detection approach based on logistic regression model and parallel artificial bee colony algorithm. Comput. Stand. Interfaces89, 103808 (2024). [Google Scholar]

[CR43] 43.Martínez Torres, J., Iglesias Comesana, C. & García-Nieto, P. J. Machine learning techniques applied to cybersecurity. Int. J. Mach. Learn. Cybernetics10(10), 2823–2836 (2019). [Google Scholar]

[CR44] 44.Sarker, I. H. Cyberlearning: Effectiveness analysis of machine learning security modeling to detect cyber-anomalies and multi-attacks. Internet of Things14, 100393 (2021). [Google Scholar]

[CR45] 45.Qazi, E. U. H., Almorjan, A. & Zia, T. A one-dimensional convolutional neural network (1d-CNN) based deep learning system for network intrusion detection. Appl. Sci.12, 7986 (2022). [Google Scholar]

[CR46] 46.Parisapogu, S. A. B., Annavarapu, C. S. R. & Elloumi, M. 1-dimensional convolution neural network classification technique for gene expression data. Deep Learn. Biomed. Data Anal. Techn. Approach. Appl. 3–26 (2021).

[CR47] 47.Zhang, S., Wei, H.-L. & Ding, J. An effective zero-shot learning approach for intelligent fault detection using 1d CNN. Appl. Intell.53, 16041–16058 (2023). [Google Scholar]

[CR48] 48.Chen, Y. et al. Dynamic relu. In European conference on computer vision, 351–367 (Springer, 2020).

[CR49] 49.Daubechies, I., DeVore, R., Foucart, S., Hanin, B. & Petrova, G. Nonlinear approximation and (deep) relu networks. Construct. Approx.55, 127–172 (2022). [Google Scholar]

[CR50] 50.Xu, J., Li, Z., Du, B., Zhang, M. & Liu, J. Reluplex made more practical: Leaky relu. In 2020 IEEE Symposium on Computers and communications (ISCC), 1–7 (IEEE, 2020).

[CR51] 51.Li, Y. & Yuan, Y. Convergence analysis of two-layer neural networks with relu activation. Adv. Neural Inform. Process. Syst.30 (2017).

[CR52] 52.Ho, Y. & Wookey, S. The real-world-weight cross-entropy loss function: Modeling the costs of mislabeling. IEEE Access8, 4806–4813 (2019). [Google Scholar]

[CR53] 53.Zhang, Z. & Sabuncu, M. Generalized cross entropy loss for training deep neural networks with noisy labels. Adv. Neural Inform. Process. Syst.31 (2018). [PMC free article] [PubMed]

[CR54] 54.Ruby, U. & Yendapalli, V. Binary cross entropy with deep learning technique for image classification. Int. J. Adv. Trends Comput. Sci. Eng9 (2020).

[CR55] 55.Zhang, Z. Improved adam optimizer for deep neural networks. In 2018 IEEE/ACM 26th international symposium on quality of service (IWQoS), 1–2 (Ieee, 2018).

[CR56] 56.Reyad, M., Sarhan, A. M. & Arafa, M. A modified Adam algorithm for deep neural network optimization. Neural Comput. Appl.35, 17095–17112 (2023). [Google Scholar]

[CR57] 57.Jais, I. K. M., Ismail, A. R. & Nisa, S. Q. Adam optimization algorithm for wide and deep neural network. Knowl. Eng. Data Sci.2, 41–46 (2019). [Google Scholar]

[CR58] 58.Ogundokun, R. O., Maskeliunas, R., Misra, S. & Damaševičius, R. Improved cnn based on batch normalization and adam optimizer. In International Conference on Computational Science and Its Applications, 593–604 (Springer, 2022).

PERMALINK

Leveraging data analytics to revolutionize cybersecurity with machine learning and deep learning

Asadi Srinivasulu

Tae-hoon Kim

Ravikumar Chinthaginjala

Xin Zhao

Irfan Ahmad

Abstract

Introduction

Unraveling cyber security insights: background and objectives

Literature review

Empowering defense with cyber security data analytics

Table 1.

Unleashing the potential of CNNs in safeguarding cyberspace

Data generation and preprocessing

Synthetic data

Fig. 1.

CNN model design and implementation

Fig. 2.

Fig. 3.

Results and analysis

Discussion

Decoding intelligence: interpreting the impact of findings

Navigating the frontier: limitations and strategic implications

Fig. 4.

Fig. 5.

Fig. 6.

Fig. 7.

Performance evaluation

Comparative analysis

Table 2.

Table 3.

Conclusion

Acknowledgements

Author contributions

Funding

Data availability

Declarations

Competing interests

Footnotes

Contributor Information

References

Associated Data

Data Availability Statement

ACTIONS

PERMALINK

RESOURCES

Similar articles

Cited by other articles

Links to NCBI Databases