Abstract

Enterprise IT infrastructures and data centers are at risk from advanced cyber threats like zero-day exploits, fileless malware, insider misuse, and privilege escalation. Antivirus software and signature-based intrusion prevention are examples of traditional endpoint security solutions that still work against known attacks. However, they have trouble with new, behavior-based threats and are hard to understand. This survey looks at the latest developments in endpoint protection, including zero-day detection, insider monitoring, privilege abuse analysis, multimodal data correlation, explainable AI techniques, and adaptive model refinement through analyst feedback and deception. Profiling, ensemble anomaly detection, and deception-enabled frameworks are used to look at these methods.

References

• K. Asgarov, “Real-time endpoint anomaly detection using adaptive statistical methods for baseline deviations,” Problems of Information Technology, vol. 16, no. 1, pp. 11–17, Apr. 2025, doi: 10.25045/jpit.v16.i1.02.
• A. Punia, M. Tiwari, and S. S. Verma, “A machine learning-based efficient anomaly detection system for enhanced security in compromised and maligned IoT networks,” Results in Engineering, p. 105562, 2025.
• K. N. Asgarov, A. Guliyev, and E. Hajiyev, “Unsupervised machine learning methods for anomaly detection,” Journal of Modern Technology and Engineering, vol. 9, no. 3, pp. 52–63, 2024.
• D. Vasiljeva, J. K. Dissanayake, and M. Khaleel, “Endpoint security in remote work environments: Addressing the unique challenges of securing endpoints in remote work scenarios,” NAJER Journal, vol. 4, no. 1, pp. 15–28, 2023.
• D. Kurniadi, A. Fahreza, and T. W. Cahyo, “Enhancing cybersecurity for remote work: Identifying the gaps and design considerations for a robust security tool,” International Journal of Engineering and Advanced Technology, vol. 14, no. 4, pp. 230–236, Apr. 2025.
• O. Salem, M. A. Hossain, and M. Kamala, “Awareness program and AI based tool to reduce risk of phishing attacks,” ResearchGate Preprint, 2010.
• A. Nath and T. Mondal, “Issues and challenges in two-factor authentication algorithms,” ResearchGate Preprint, 2016.
• M. K. Alshammari, A. A. Alduailij, and Y. Alotaibi, “An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors,” Journal of Cybersecurity and Privacy, vol. 1, no. 3, pp. 408–426, 2021.
• A. Sharma and S. Mehra, “Cybersecurity risks of bringing your own device (BYOD) practice in the workplace and strategies to address the risks,” ResearchGate Preprint, 2022.
• P. R. Yadav and N. Kumar, “Man-in-the-middle attack in wireless and computer networking—A review,” ResearchGate Preprint, 2017.
• Y.-S. Wang, C.-H. Chen, and P.-C. Hsu, “Effective classification for multi-modal behavioral authentication on large-scale data,” Journal of Internet Technology, vol. 22, no. 5, pp. 991–1002, 2021.
• M. Ahmed, A. N. Mahmood, and J. Hu, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 60, pp. 19–31, 2016.
• M. Al-Asli and T. A. Ghaleb, “Review of signature-based techniques in antivirus products,” in Proceedings of the International Conference on Computer and Information Sciences (ICCIS), Sakaka, Saudi Arabia, 2019, pp. 1–6.
• K. N. Asgarov, Y. N. Imamverdiyev, and M. M. Abutalibov, “Unsupervised machine learning for real-time anomaly detection in endpoints,” Journal of Modern Technology and Engineering, vol. 9, no. 3, pp. 141–155, 2024.
• R. G. Brown, R. F. Meyer, and D. A. D’Esopo, “The fundamental theorem of exponential smoothing,” Operations Research, vol. 9, no. 5, pp. 673–687, 1961.
• V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A survey,” ACM Computing Surveys, vol. 43, no. 3, pp. 1–58, 2009.
• S. Ding, W. Gu, S. Lu, R. Yu, and L. Sheng, “Cyber-attack against heating system in integrated energy systems: Model and propagation mechanism,” Applied Energy, vol. 311, Apr. 2022.
• V. Hodge and J. Austin, “A survey of outlier detection methodologies,” Artificial Intelligence Review, vol. 22, pp. 85–126, 2004.
• N. Hoque, D. K. Bhattacharyya, and J. K. Kalita, “Botnet in DDoS attacks: Trends and challenges,” IEEE Communications Surveys & Tutorials, vol. 17, pp. 2242–2270, 2015.
• Y. Li and Q. A. Liu, “A comprehensive review study of cyber-attacks and cybersecurity: Emerging trends and recent developments,” Energy Reports, vol. 7, pp. 8176–8186, 2021.
• A. K. Maurya, K. Neeraj, A. Alka, and A. K. Raees, “Ransomware: Evolution, target and safety measures,” International Journal of Computer Science and Engineering, vol. 6, no. 1, pp. 80–85, 2018.
• M. B. Perry, “The exponentially weighted moving average,” in Wiley Encyclopedia of Operations Research and Management Science, 2011.
• S. Simon et al., “Exploring hyperparameter usage and tuning in machine learning research,” in Proceedings of the IEEE/ACM International Conference on AI Engineering (CAIN), Melbourne, Australia, 2023, pp. 68–79.
• P. Venkataanusha, C. Anuradga, P. Murty, and S. K. Chebrolu, “Detecting outliers in high-dimensional data sets using Z-score methodology,” International Journal of Innovative Technology and Exploring Engineering, vol. 9, pp. 48–53, 2019.