Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation

Digital transformation of modern society has spread the attack surface of critical infrastructures, enterprise networks, and personal devices. Quick propagation of cyber threats, driven by sophisticated adversarial attacks including evasion[8, 82], data poisoning[21], and backdoor insertions[20, 21], weakened traditional security measures across domains including intrusion detection systems (IDS), Internet of Things (IoT) security, and autonomous networks [19, 82, 127, 138]. These attacks exploit machine learning vulnerabilities, vastly expanding attack surfaces amid the proliferation of IoT devices and distributed systems[35, 58, 59]. Generative Adversarial Networks (GANs), first introduced by Goodfellow et al.[1], have transitioned from synthetic data generation to essential defenses, enabling adversarial scenario simulation, dataset augmentation, and model resilience enhancement[16, 32, 33, 139]. Variants like Conditional GANs (CGANs) and Wasserstein GANs (WGANs) excel in producing realistic samples for anomaly detection and IDS robustness[27, 169, 170], outperforming static signature-based approaches against dynamic threats[60, 169, 173]. Yet, GAN applications in Cybersecurity are fragmented, grappling with training instability, dataset scarcity, edge-device computational constraints, and dual-use risks where GANs facilitate both defenses and advanced attacks[11, 13, 24, 34, 44, 61-63, 79, 80]. Recent advancements, such as GAN-IF models for intrusion detection and AR-GAN for autonomous vehicle defenses, underscore potential in real-time mitigation, but ethical frameworks and unified evaluations remain deficient[78, 81]. This gap necessitates a systematic literature review (SLR) to consolidate GAN architectures, applications, and performance metrics for proactive adversarial defense. 1