| Ref. | Description: method and features used to train and evaluate model | DL algorithm used | Library/framework used | Targeted platform | Dataset Used | Accuracy/F1 score |
| [107] | Malware dynamic behavior classification and family clustering algorithm | CNN, GAN | Not stated | Windows, android | DataCon, GreekPwn | Not stated |
| [108] | Detecting domain generation algorithms (DGAs) and automatically labelling domain names in real traffic | LSTM RNN | Keras, scikit-learn | Not stated | ALexaBamb, Retro | About 98% |
| [109] | Deep learning-based intrusion detection system for detecting cyber-attacks | Not stated | TensorFlow, Keras, scikit-learn | Internet | KDDCup99, NSL KDD, UNSW-NB15, WSN-DS, CICIDS 2017, Kyoto | 85 ā 99% |
| [110] | An intrusion detection system to protect in-vehicle network, the controller area network (CAN) bus | CNN | Not stated | ā | Self-generated | 99% |
| [111] | Source-based distributed denial-of-service defense system in fog and cloud computing systems | LSTM | Keras, TensorFlow | Cloud computing | Hogzilla | 98.88% |
| [112] | A hybrid deep learning-based system for detecting botnet | CNN, RNN | Keras, TensorFlow, scikit-learn | Internet | CTU-13, ISOT | 99.3% (CUT-13) 99.5% (ISOT) |
| [113] | Using robust software modeling tool (RSMT) to monitor and characterize the behavior of web based applications | SAE | Keras, TensorFlow, scikit-learn | Internet | Not stated | About 92%. |
| [114] | Deep multilayer perceptron and RNN-based deep learning system for detecting cloud-based intrusion | RNN, LSTM | Keras, TensorFlow, Theano | Cloud computing | Not stated | 86.9% |
| [115] | Malware detection in PDF files | CNN | Not stated | Multiple | Self-generated | Up to 98.92% |
| [116] | Ransomware detection and classification by extracting event sequences during a program execution | LSTM, CNN | Keras, TensorFlow | Not stated | Self-generated | 99.6% |
| [117] | Malware detection in cloud platforms by extracting several features of each process, like CPU usage, memory usage, and disk usage | CNN | Not stated | Cloud IaaS | Self-generated | Up to 93% |
| [118] | Using ML and DL techniques to distinguish normal traffic from cryptomining traffic by extracting the data flow features | Fully connected CNN | Keras, TensorFlow, scikit-learn | Internet | Self-generated mining traffic | 99.98% |
| [119] | Malware detection on various platforms, including Windows, Android, IoT, IoBT, and the Internet by vector embedding | LSTM | Not stated | Windows, Android, IoT, IoBT, Internet | VXHeaven, Drebin, Kaggle | 94.1% on average |
|
|