AI-DRIVEN APPROACHES TO CYBER AND INFORMATION SECURITY: MACHINE LEARNING ALGORITHMS FOR THREAT PREDICTION AND ANOMALY DETECTION

Authors

  • Aamir Raza
  • Abdul Karim Sajid Ali
  • Ali Abbas Hussain

Keywords:

Cybersecurity, Artificial Intelligence (AI), Machine Learning (ML), Deep Learning Architectures, Threat Detection, Anomaly Identification, Hybrid CNN-Transformer Models, Intrusion Detection Systems (IDS), TON_IoT Dataset, BoT-IoT Dataset, CSE-CIC-IDS2018 Dataset

Abstract

The growing prevalence, magnitude, and sophistication of cyber threats have made traditional signature-based and heuristic intrusion detection systems increasingly ineffective. To tackle this issue, the study introduces an intelligent and adaptive cybersecurity framework based on artificial intelligence (AI), specifically utilizing advanced machine learning (ML) algorithms for threat prediction and anomaly detection. The framework includes a comparative analysis of a wide array of ML techniques, spanning classical models such as Decision Trees (DT) and Gradient Boosted Machines (GBM) to advanced deep learning architectures, including Deep Neural Networks (DNN), one-dimensional Convolutional Neural Networks (1D-CNN) and hybrid CNN-Transformer models. These algorithms are thoroughly assessed using three diverse, high-quality benchmark datasets: TON_IoT, BoT-IoT and CSE-CIC-IDS2018. Each dataset represents a different cybersecurity domain, such as IoT environments, botnet traffic and enterprise network infrastructures. The data preprocessing pipeline employs robust techniques such as multivariate time-series transformation, chi-squared feature selection, Z-score normalization and oversampling methods like SMOTE and ADASYN to address class imbalance. Sequential modeling is facilitated through sliding window mechanisms, ensuring temporal consistency for deep and attention-based models. A comprehensive performance evaluation is carried out using a multi-faceted set of metrics, including accuracy, precision, recall, F1-score, Matthews Correlation Coefficient (MCC) and the Area Under the Receiver Operating Characteristic Curve (ROC-AUC). Experimental results indicate that hybrid CNN-Transformer models consistently surpass traditional ML and standalone neural architectures, achieving peak accuracy of 97.86%, F1-score of 97.31% and MCC of 0.954, while demonstrating resilience against false positives and generalization errors.
Moreover, this research presents a modular real-time anomaly detection pipeline that incorporates Apache Kafka for real-time data ingestion, Apache Spark for distributed preprocessing, TensorFlow Serving for scalable inference deployment and explainable AI (XAI) tools including SHAP values and attention-based visualizations to ensure transparency and interpretability. The proposed architecture establishes a scalable, interpretable and high-performance AI-driven defense mechanism, setting a standard for next-generation cybersecurity systems capable of adapting to the evolving digital threat landscape.
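The abstract names several preprocessing and evaluation steps (Z-score normalization, sliding-window sequencing of a multivariate series, and the accuracy, precision, recall, F1 and MCC metrics) without showing them. The following is an added worked example in plain Python written for this page; it is illustrative code, not the authors' framework, and the feature values and labels it uses are constructed. It also handles two edge cases a practitioner hits in practice: a constant feature (zero standard deviation) and a prediction set with no positives, both of which would otherwise raise a division-by-zero error.

```python
"""Constructed illustration of Z-score normalization, sliding windows and
IDS evaluation metrics. Not the authors' code; data below is made up."""
import math
from typing import Dict, List, Sequence, Tuple


def zscore_normalize(rows: Sequence[Sequence[float]]) -> List[List[float]]:
    """Per-feature Z-score normalization using the population std.
    A constant feature has std 0 and is mapped to 0.0 instead of raising."""
    n = len(rows)
    n_features = len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(n_features)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in rows) / n)
            for j in range(n_features)]
    return [[(r[j] - means[j]) / stds[j] if stds[j] > 0 else 0.0
             for j in range(n_features)] for r in rows]


def sliding_windows(rows: Sequence[Sequence[float]], labels: Sequence[int],
                    window: int) -> Tuple[List[List[List[float]]], List[int]]:
    """Cut a multivariate time series into overlapping fixed-length windows.
    Each window is labelled with the label of its final time step, so a
    sequence model learns to classify the current step from prior context."""
    if window < 1 or window > len(rows):
        raise ValueError("window must be between 1 and the series length")
    xs: List[List[List[float]]] = []
    ys: List[int] = []
    for end in range(window, len(rows) + 1):
        xs.append([list(r) for r in rows[end - window:end]])
        ys.append(labels[end - 1])
    return xs, ys


def confusion(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[int, int, int, int]:
    """Return (tp, fp, fn, tn) treating label 1 as the attack/anomaly class."""
    tp = fp = fn = tn = 0
    for t, p in zip(y_true, y_pred):
        if t == 1 and p == 1:
            tp += 1
        elif t == 0 and p == 1:
            fp += 1
        elif t == 1 and p == 0:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def classification_metrics(y_true: Sequence[int], y_pred: Sequence[int]) -> Dict[str, float]:
    """Accuracy, precision, recall, F1 and MCC from a confusion matrix.
    Every ratio falls back to 0.0 when its denominator is zero."""
    tp, fp, fn, tn = confusion(y_true, y_pred)
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    f1 = 2 * precision * recall / (precision + recall) if (precision + recall) else 0.0
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    mcc = (tp * tn - fp * fn) / denom if denom else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall,
            "f1": f1, "mcc": mcc}


# Constructed sample: 6 time steps of 2 features (second feature is constant),
# with attack labels at steps 3 and 4.
SAMPLE_ROWS = [[1.0, 10.0], [2.0, 10.0], [3.0, 10.0],
               [4.0, 10.0], [5.0, 10.0], [6.0, 10.0]]
SAMPLE_LABELS = [0, 0, 0, 1, 1, 0]

if __name__ == "__main__":
    norm = zscore_normalize(SAMPLE_ROWS)
    xs, ys = sliding_windows(norm, SAMPLE_LABELS, window=3)
    print(len(xs), "windows with labels", ys)
    # Constructed predictions to exercise the metrics.
    print(classification_metrics([1, 1, 0, 0, 1, 0, 1, 0],
                                 [1, 0, 0, 1, 1, 0, 1, 0]))
```

A note on the design: the label of the last step in each window is what an online detector actually needs to predict (is the traffic anomalous now, given recent history), and MCC is reported alongside F1 because on the heavily imbalanced IDS datasets the abstract mentions, accuracy alone is dominated by the benign class.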

Published

2024-11-30

How to Cite

Aamir Raza, Abdul Karim Sajid Ali, & Ali Abbas Hussain. (2024). AI-DRIVEN APPROACHES TO CYBER AND INFORMATION SECURITY: MACHINE LEARNING ALGORITHMS FOR THREAT PREDICTION AND ANOMALY DETECTION. Spectrum of Engineering Sciences, 2(4), 565–573. Retrieved from https://www.sesjournal.com/index.php/1/article/view/308