International Journal of Machine Learning and Cybernetics
https://doi.org/10.1007/s13042-018-00906-1
ORIGINAL ARTICLE
Review: machine learning techniques applied to cybersecurity
Javier Martínez Torres 1 · Carla Iglesias Comesaña 2 · Paulino J. García-Nieto 3
Received: 20 October 2017 / Accepted: 18 December 2018
© Springer-Verlag GmbH Germany, part of Springer Nature 2019
Abstract
Machine learning techniques are a set of mathematical models for solving highly non-linear problems in different areas: prediction, classification, data association and data conceptualization. In this work, the authors review the applications of machine learning techniques in the field of cybersecurity, after first describing the different classifications of the models based on (1) their structure, network-based or not, (2) their learning process, supervised or unsupervised, and (3) their complexity. All the capabilities of machine learning techniques are considered, but the authors focus on prediction and classification, highlighting the possibilities for improving the models in order to minimize the error rates of the applications developed and available in the literature. This work presents the importance of different error criteria, such as the confusion matrix or the mean absolute error in classification problems and the relative error in regression problems. Furthermore, special attention is paid to the application of the models in this review. There is a wide variety of possibilities, such as applying these models to intrusion detection or to the detection and classification of attacks, to name a few. Other important and innovative applications in the field of cybersecurity are also presented. This work should serve as a guide for new researchers and for those who want to immerse themselves in the field of machine learning techniques within cybersecurity.
Keywords Cybersecurity · Detection systems · Internet threats · Machine learning · Security
1 Introduction
The Internet has become an essential resource for people: in 2014, about 40% of the world's population used the Internet, and this figure rises to 78% in developed countries [1]. The North Atlantic Treaty Organization (NATO) identifies the Internet as "a critical national resource for governments, a vital part of national infrastructures, and a key driver of socio-economic growth and development" [2].
Alongside the spread of Internet usage, malicious code and software have appeared that compromise computer systems, attacking and destroying the information they contain [3]. These attacks are designed to gather users' information, such as credit card numbers or passwords, but also to distribute information without the user's consent [3].
Malware is defined as software capable of damaging data and systems [4]. It is a threat not only to individuals but also to organizations, companies and even governments, including both civil and military infrastructures [5], which are at risk of losing valuable information as well as their reputation [6]. Many examples can be found in recent years, including the theft of credit and debit card data from Web payment systems, the theft of part of Google's intellectual property, and the exposure of users' personal information, to name a few [6]. Another essential sector is the power sector, a target of cyber-attacks whose security has also been studied (see [7–9] and the references therein).
However, if there is one cyber-attack that should be highlighted, it is the series of attacks suffered by Estonia in 2007. For 3 weeks, Estonia experienced what is considered the first cyberwar, provoked by the removal of a Soviet monument erected in Tallinn in 1947. The targets were the websites of different Estonian organizations such as banks, universities and newspapers. This first cyberwar led to the announcement of a Policy on Cyber Defence as part of the NATO Bucharest Summit Declaration in 2008 [10]. Since then, NATO nations have participated in multinational projects to enhance their cyber defense capabilities, and the protection
* Javier Martínez Torres, javier.martineztorres@unir.net
1 Universidad Internacional de la Rioja, Logroño, Spain
2 University of Vigo, Vigo, Spain
3 University of Oviedo, Oviedo, Spain