Machine Learning for Security Systems - A Literature Review
Nuruddin Wiranda(1*), Fal Sadikin(2), Wanvy Arifha Saputra(3)
(1) Program Studi Pendidikan Komputer, FKIP, ULM, Banjarmasin
(2) PJJ Teknik Informatika, Universitas Amikom Yogyakarta, Yogyakarta
(3) Politeknik Negeri Banjarmasin, Banjarmasin
(*) Corresponding Author
Abstract
Security systems are a crucial topic in the era of digital transformation. Wherever digital technology is used, security systems ensure the confidentiality, integrity, and availability of data. Machine learning techniques can support a system's adaptability to its environment, so that prevention, detection, and recovery can be carried out. Given this importance, a literature review is needed to find out how machine learning is applied to security systems. This paper summarizes 31 research papers to determine which machine learning techniques or methods are the most promising for prevention, detection, and recovery. The review consists of 6 stages: formulating research questions, searching for articles, documenting search strategies, selecting studies, assessing article quality, and extracting data from the articles. The results indicate that the K-means method is the most promising for prevention, that SVM can be used for detection, and that for security recovery machine learning can be implemented using NLP-based features.
DOI: https://doi.org/10.22146/ijeis.69022
Copyright (c) 2022 IJEIS (Indonesian Journal of Electronics and Instrumentation Systems)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.