Abstract:

The rapid proliferation of sophisticated cyber threats—encompassing intrusion attempts, malware propagation, distributed denial-of-service (DDoS) attacks, phishing campaigns, and advanced persistent threats (APTs)—has rendered traditional signature-based security systems increasingly inadequate for modern threat landscapes. Machine learning (ML) and deep learning (DL) have emerged as transformative paradigms in cyber security, offering the capacity to detect novel, zero-day, and polymorphic threats through pattern recognition and adaptive model training. This empirical study investigates the comparative detection performance, threat classification accuracy, and adversarial robustness of six prominent ML and DL architectures—Logistic Regression, Random Forest, Support Vector Machine (SVM), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and a hybrid CNN-LSTM model—evaluated on the UNSW-NB15 and CIC-IDS-2017 benchmark datasets. Experiments were conducted under controlled conditions to measure accuracy, precision, recall, F1-score, false positive rate (FPR), and training time across binary and multiclass classification tasks. The hybrid CNN-LSTM model achieved the highest detection accuracy of 99.21% on binary classification and an F1-score of 98.74% on multiclass threat categorization. Classical ML models demonstrated competitive performance with substantially lower computational overhead, while deep learning architectures showed superior generalization on temporal network traffic patterns. The study concludes that ensemble and hybrid architectures represent the optimal trade-off between detection effectiveness and computational feasibility, and identifies adversarial robustness as the most critical open challenge for production-grade cyber security deployment.