Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation
Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo, Huansheng Ning
TL;DR
This systematic review analyzes GAN-based adversarial defenses in cybersecurity from 2021 to August 31, 2025, using a PRISMA-driven protocol to synthesize 185 peer-reviewed studies. It introduces a novel four-dimensional taxonomy—defensive function, GAN architecture, cybersecurity domain, and adversarial threat model—and provides a critical benchmarking framework and gap analysis. The review finds GANs improve detection, robustness, and data utility across network intrusion detection, malware analysis, and IoT security, with notable gains from WGAN-GP, CGANs, and hybrid models, while also identifying persistent challenges such as training instability, high computational cost, and lack of standardized benchmarks. It culminates in a practical roadmap that emphasizes stable architectures, unified evaluation, real-world deployment, and defenses against emerging threats like LLM-driven attacks, laying a foundation for scalable, trustworthy GAN-powered cyber defenses.
Abstract
Machine learning-based cybersecurity systems are highly vulnerable to adversarial attacks, while Generative Adversarial Networks (GANs) act as both powerful attack enablers and promising defenses. This survey systematically reviews GAN-based adversarial defenses in cybersecurity (2021--August 31, 2025), consolidating recent progress, identifying gaps, and outlining future directions. Using a PRISMA-compliant systematic literature review protocol, we searched five major digital libraries. From 829 initial records, 185 peer-reviewed studies were retained and synthesized through quantitative trend analysis and thematic taxonomy development. We introduce a four-dimensional taxonomy spanning defensive function, GAN architecture, cybersecurity domain, and adversarial threat model. GANs improve detection accuracy, robustness, and data utility across network intrusion detection, malware analysis, and IoT security. Notable advances include WGAN-GP for stable training, CGANs for targeted synthesis, and hybrid GAN models for improved resilience. Yet, persistent challenges remain such as instability in training, lack of standardized benchmarks, high computational cost, and limited explainability. GAN-based defenses demonstrate strong potential but require advances in stable architectures, benchmarking, transparency, and deployment. We propose a roadmap emphasizing hybrid models, unified evaluation, real-world integration, and defenses against emerging threats such as LLM-driven cyberattacks. This survey establishes the foundation for scalable, trustworthy, and adaptive GAN-powered defenses.