Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review

[en] Artificial intelligence (AI) is reshaping Security Operations Centers (SOCs). This systematic literature review analyses AI’s transformative impact across the NIST Cybersecurity Framework. The analysis of 189 papers related to AI use-cases for SOCs shows widespread application of AI for detection, with 65% of studies focusing on it. Yet, it also reveals deficiencies in recovery, the underutilisation of explainable AI models—with 88% of studies relying on non-explainable approaches— the sporadic release of tools as open-source and an over-reliance on proprietary datasets. Common motivations for papers include efficiency, error reduction, and cost savings, with challenges in data reliance, and integration complexity.

Disciplines :

Computer science

Author, co-author :

GIARIMPAMPA, Despoina ; University of Luxembourg

Meier, Roland ; Cyber-Defense Campus, armasuisse

BISSYANDE, Tegawendé ; University of Luxembourg

LENDERS, Vincent ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Systems and Network Security Group (SNS) ; Cyber-Defense Campus, armasuisse

KLEIN, Jacques ; University of Luxembourg

External co-authors :

yes

Language :

English

Title :

Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review

Publication date :

18 July 2025

Journal title :

ACM Computing Surveys

ISSN :

0360-0300

Publisher :

Association for Computing Machinery (ACM)

Peer reviewed :

Peer Reviewed verified by ORBi

Focus Area :

Security, Reliability and Trust

Additional URL :

https://dl.acm.org/doi/pdf/10.1145/3747587

Available on ORBilu :

since 29 September 2025

Statistics

Number of views

117 (9 by Unilu)

Number of downloads

35 (3 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

2021. The Power of Splunk. (Aug. 2021). Retrieved from https://www.splunk.com/en_us/blog/learn/soc-security-operation-center.html
2024. A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018)—Registry of Open Data on AWS. (Dec. 2024). Retrieved from https://registry.opendata.aws/cse-cic-ids2018 [Online; accessed 28. dec. 2024].
2024. core.edu.au - CORE Rankings Portal. (Nov. 2024). Retrieved from https://www.core.edu.au/conference-portal [Online; accessed 13. nov.. 2024].
2024. Cybersecurity Framework | NIST. (Dec. 2024). Retrieved from https://www.nist.gov/cyberframework [Online; accessed 31. dec. 2024].
2025. What Is a Security Operations Center | Cybersecurity | CompTIA. (Jan. 2025). Retrieved from https://www.comptia.org/content/articles/what-is-a-security-operations-center#::text=Simply%20put%2C%20a%20security%20operations,where%20SOC%20analysts%20work%20together.
Jesse Ables, Thomas Kirby, William Anderson, Sudip Mittal, Shahram Rahimi, Ioana Banicescu, and Maria Seale. 2022. Creating an explainable intrusion detection system using self organizing maps. In 2022 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, 404–412.
Enoch Agyepong, Yulia Cherdantseva, Philipp Reinecke, and Pete Burnap. 2020. Challenges and performance metrics for security operations center analysts: A systematic review. Journal of Cyber Security Technology 4, 3 (2020), 125–152.
Ashish Ahire and Mustafa Abdallah. 2023. Reinforcement learning for enhancing human security resource allocation in protecting assets with heterogeneous losses. Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 9–15. DOI: 10.1145/3579988.3585057
Scott Ainslie, Dean Thompson, Sean Maynard, and Atif Ahmad. 2023. Cyber-threat intelligence for security decision-making: A review and research agenda for practice. Computers & Security 132 (2023), 103352.
Georgios Aivatoglou, Mike Anastasiadis, Georgios Spanos, Antonis Voulgaridis, Konstantinos Votis, Dimitrios Tzovaras, and Lefteris Angelis. 2022. A RAkEL-based methodology to estimate software vulnerability characteristics & score-an application to EU project ECHO. Multimedia Tools and Applications 81, 7 (2022), 9459–9479.
Bushra A AlAhmadi and Ivan Martinovic. 2018. MalClassifier: Malware family classification using network flow sequence behaviour. In 2018 APWG Symposium on Electronic Crime Research (eCrime). IEEE, 1–13.
Moutaz Alazab, Ruba Abu Khurma, Albara Awajan, and David Camacho. 2022. A new intrusion detection system based on moth–flame optimizer algorithm. Expert Systems with Applications 210 (2022), 118439.
Cristina Alcaraz and Javier Lopez. 2022. Digital twin: A comprehensive survey of security threats. IEEE Communications Surveys & Tutorials 24, 3 (2022), 1475–1503.
Rubayyi Alghamdi and Martine Bellaiche. 2023. An ensemble deep learning based IDS for IoT using lambda architecture. Cybersecurity 6, 1 (2023), 5.
Yusuf S AlMahmeed and Alauddin Y Al-Omay. 2022. Zero-day attack solutions using threat hunting intelligence: Extensive survey. In 2022 International Conference on Data Analytics for Business and Industry (ICDABI). IEEE, 309–314.
Mohammed Almukaynizi, Ericsson Marin, Eric Nunes, Paulo Shakarian, Gerardo I Simari, Dipsy Kapoor, and Timothy Siedlecki. 2018. Darkmention: A deployed system to predict enterprise-targeted external cyberattacks. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). IEEE, 31–36.
Mohammed A Althamir, Jawhara Z Boodai, and MM Hafizur Rahman. 2023. A mini literature review on challenges and opportunity in threat intelligence. In 2023 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). IEEE, 558–563.
Fernando Alves, Aurélien Bettini, Pedro M. Ferreira, and Alysson Bessani. 2021. Processing tweets for cybersecurity threat awareness. Information Systems 95 (2021), 101586.
Fernando Alves, Pedro Miguel Ferreira, and Alysson Bessani. 2019. Design of a classification model for a twitter-based streaming threat monitor. In 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE, 9–14.
Tudor Andreica, Christian-Daniel Curiac, Camil Jichici, and Bogdan Groza. 2022. Android head units vs. In-vehicle ECUs: Performance assessment for deploying in-vehicle intrusion detection systems for the CAN bus. IEEE Access 10 (2022), 95161–95178.
Mahmoud Atari and Amjed Al-Mousa. 2022. A machine-learning based approach for detecting phishing urls. In 2022 International Conference on Intelligent Data Science Technologies and Applications (IDSTA). IEEE, 82–88.
Shahriar Badsha, Iman Vakilinia, and Shamik Sengupta. 2019. Privacy preserving cyber threat information sharing and learning for cyber defense. In 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). IEEE, 0708–0714.
Tao Ban, Ndichu Samuel, Takeshi Takahashi, and Daisuke Inoue. 2021. Combat security alert fatigue with AI-assisted techniques. Cyber Security Experimentation and Test Workshop, 9–16. DOI: 10.1145/3474718.3474723
Muthu M Baskaran, Thomas Henretty, James Ezick, Richard Lethin, and David Bruns-Smith. 2019. Enhancing network visibility and security through tensor analysis. Future Generation Computer Systems 96 (2019), 207–215.
Piotr Bienias, Grzegorz Kołaczek, and Arkadiusz Warzyński. 2019. Architecture of anomaly detection module for the security operations center. In 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). IEEE, 126–131.
Abdelwahab Boualouache and Thomas Engel. 2022. Federated learning-based inter-slice attack detection for 5G-V2X sliced networks. In 2022 IEEE 96th Vehicular Technology Conference (VTC2022-Fall). IEEE, 1–6.
Joel Brogan, Nell Barber, David Cornett, and David Bolme. 2023. VDiSC: An open source framework for distributed smart city vision and biometric surveillance networks. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision. 148–154.
Pete Burnap, Richard French, Frederick Turner, and Kevin Jones. 2018. Malware classification using self organising feature maps and machine activity data. Computers & Security 73 (2018), 399–410.
Alessio Buscemi, Manasvi Ponaka, Mahdi Fotouhi, Florian Jomrich, Christian Koebel, and Thomas Engel. 2023. An intrusion detection system against rogue master attacks on gptp. In 2023 IEEE 97th Vehicular Technology Conference (VTC2023-Spring). IEEE, 1–7.
E. C.-Council. 2024. What security operations center SOC is | fundamentals of SOC cyber security | EC-council. Cybersecurity Exchange (March 2024). Retrieved from https://www.eccouncil.org/cybersecurity-exchange/security-operation-center/what-is-soc-security-operations-center/#::text=A%20Security%20Operations%20Center%20(SOC,security%20systems%20in%20real%20time.
Albert Calvo, Santiago Escuder, Josep Escrig, Marta Arias, Nil Ortiz, and Jordi Guijarro. 2023. A data-driven approach for risk exposure analysis in enterprise security. In 2023 IEEE 10th International Conference on Data Science and Advanced Analytics (DSAA). IEEE, 1–9.
Hasan Cam. 2019. Model-guided infection prediction and active defense using context-specific cybersecurity observations. In MILCOM 2019-2019 IEEE Military Communications Conference (MILCOM). IEEE, 1–6.
Yidong Chai, Yonghang Zhou, Weifeng Li, and Yuanchun Jiang. 2021. An explainable multi-modal hierarchical attention model for developing phishing threat intelligence. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 790–803.
Haipeng Chen, Andrew Duncklee, Sushil Jajodia, Rui Liu, Sean Mcnamara, and V. S. Subrahmanian. 2022. PCAM: A data-driven probabilistic cyber-alert management framework. ACM Trans. Internet Technol. 22, 3 (2022), 1–24. 10.1145/3511101
Yang Chen, Saba Al-Rubaye, Antonios Tsourdos, Lawrence Baker, and Colin Gillingham. 2023. Differentially-private federated intrusion detection via knowledge distillation in third-party IoT systems of smart airports. In ICC 2023-IEEE International Conference on Communications. IEEE, 603–608.
Andrew Chi, Blake Anderson, and Michael K Reiter. 2023. Prioritizing remediation of enterprise hosts by malware execution risk. In Proceedings of the 39th Annual Computer Security Applications Conference. 550–564.
Daiki Chiba, Mitsuaki Akiyama, Yuto Otsuki, Hiroki Hada, Takeshi Yagi, Tobias Fiebig, and Michel Van Eeten. 2022. Domainprio: Prioritizing domain name investigations to improve SOC efficiency. IEEE Access 10 (2022), 34352–34368.
Ikje Choi, Jun Lee, Taewoong Kwon, Kyuil Kim, Yoonsu Choi, and Jungsuk Song. 2021. An easy-to-use framework to build and operate ai-based intrusion detection for in-situ monitoring. In 2021 16th Asia Joint Conference on Information Security (AsiaJCIS). IEEE, 1–8.
Marcello Cinque, Christian Esposito, and Antonio Pecchia. 2019. Security log analysis in critical industrial systems exploiting game theoretic feature selection and evidence combination. IEEE Transactions on Industrial Informatics 16, 6 (2019), 3871–3880.
Christopher Collins, Denis Dennehy, Kieran Conboy, and Patrick Mikalef. 2021. Artificial intelligence in information systems research: A systematic literature review and research agenda. International Journal of Information Management 60 (2021), 102383.
Prerit Datta, Natalie Lodinger, Akbar Siami Namin, and Keith S Jones. 2020. Predicting consequences of cyber-attacks. In 2020 IEEE International Conference on Big Data (Big Data). IEEE, 2073–2078.
Noemí DeCastro-García, Ángel L Muñoz Castañeda, and Mario Fernández-Rodríguez. 2020. Machine learning for automatic assignment of the severity of cybersecurity events. Computational and Mathematical Methods 2, 1 (2020), e1072.
Nathan Deguara, Junaid Arshad, Anum Paracha, and Muhammad Ajmal Azad. 2022. Threat miner-a text analysis engine for threat identification using dark web data. In 2022 IEEE International Conference on Big Data (Big Data). IEEE, 3043–3052.
Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, and Lazaros Iliadis. 2019. The next generation cognitive security operations center: Adaptive analytic lambda architecture for efficient defense against adversarial attacks. Big Data and Cognitive Computing 3, 1 (2019), 6.
Devo. 2023. New SOC performance report: Security analysts are overworked and under resourced | devo blog. Devo (July 2023). Retrieved from https://www.devo.com/blog/new-soc-performance-report-security-analysts-are-overworked-and-under-resourced
Nuno Dionísio, Fernando Alves, Pedro M. Ferreira, and Alysson Bessani. 2019. Cyberthreat detection from twitter using deep neural networks. In 2019 International Joint Conference on Neural Networks (IJCNN). IEEE, 1–8.
Nuno Dionísio, Fernando Alves, Pedro M. Ferreira, and Alysson Bessani. 2020. Towards end-to-end cyberthreat detection from Twitter using multi-task learning. In 2020 International Joint Conference on Neural Networks (IJCNN). IEEE, 1–8.
Michael Donevski and Tanveer Zia. 2018. A survey of anomaly and automation from a cybersecurity perspective. In 2018 IEEE Globecom Workshops (GC Wkshps). IEEE, 1–6.
Cong Dong, YuFan Chen, YunJian Zhang, Bo Jiang, DongXu Han, and BaoXu Liu. 2019. An approach for scale suspicious network events detection. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5854–5863.
Arthur Drichel, Nils Faerber, and Ulrike Meyer. 2021. First step towards explainable dga multiclass classification. In Proceedings of the 16th International Conference on Availability, Reliability and Security. 1–13.
Arthur Drichel and Ulrike Meyer. 2023. False sense of security: Leveraging XAI to analyze the reasoning and true performance of context-less DGA classifiers. In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. 330–345.
Benjamin Drozdenko and Makia Powell. 2022. Utilizing deep learning techniques to detect zero day exploits in network traffic flows. In 2022 IEEE 13th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). IEEE, 0163–0172.
Jiayi Duan, Ziheng Zeng, Alina Oprea, and Shobha Vasudevan. 2018. Automated generation and selection of interpretable features for enterprise security. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 1258–1265.
Phan The Duy, Nghi Hoang Khoa, Hien Do Hoang, Van-Hau Pham, et al. 2023. Investigating on the robustness of flow-based intrusion detection system against adversarial samples using generative adversarial networks. Journal of Information Security and Applications 74 (2023), 103472.
Phan The Duy, Nguyen Huu Quyen, Nghi Hoang Khoa, Tuan-Dung Tran, and Van-Hau Pham. 2023. FedChain-hunter: A reliable and privacy-preserving aggregation for federated threat hunting framework in SDN-based IIoT. Internet of Things 24 (2023), 100966.
Ogerta Elezaj, Sule Yildirim Yayilgan, Mohamed Abomhara, Prosper Yeng, and Javed Ahmed. 2019. Data-driven intrusion detection system for small and medium enterprises. In 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). IEEE, 1–7.
Aviad Elitzur, Rami Puzis, and Polina Zilberman. 2019. Attack hypothesis generation. In 2019 European Intelligence and Security Informatics Conference (EISIC). IEEE, 40–47.
Hafiz M. Farooq and Naif M. Otaibi. 2018. Optimal machine learning algorithms for cyber threat detection. In 2018 UKSim-AMSS 20th International Conference on Computer Modelling and Simulation (UKSim). 32–37. DOI: 10.1109/UKSim.2018.00018
Hafiz M Farooq and Naif M Otaibi. 2018. Optimal machine learning algorithms for cyber threat detection. In 2018 UKSim-AMSS 20th International Conference on Computer Modelling and Simulation (UKSim). IEEE, 32–37.
Katheryn A. Farris, Ankit Shah, George Cybenko, Rajesh Ganesan, and Sushil Jajodia. 2018. VULCON: A system for vulnerability prioritization, mitigation, and management. ACM Trans. Priv. Secur. 21, 4 (2018), 1–28. 10.1145/3196884
Juan Ramón Feijoo-Martínez, Alicia Guerrero-Curieses, Francisco Gimeno-Blanes, Mario Castro-Fernández, and José Luis Rojo-Álvarez. 2023. Cybersecurity alert prioritization in a critical high power grid with latent spaces. IEEE Access 11 (2023), 23754–23770.
Tiago Fernandes, Luis Dias, and Miguel Correia. 2020. C2bid: Cluster change-based intrusion detection. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 310–319.
Mohamed Amine Ferrag, Merouane Debbah, and Muna Al-Hawawreh. 2023. Generative ai for cyber threat-hunting in 6g-enabled iot networks. In 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW). IEEE, 16–25.
James B Fraley and James Cannady. 2017. The promise of machine learning in cybersecurity. In SoutheastCon 2017. IEEE, 1–6.
Hamdi Friji, Ioannis Mavromatis, Adrian Sanchez-Mompo, Pietro Carnelli, Alexis Olivereau, and Aftab Khan. 2023. Multi-stage attack detection and prediction using graph neural networks: An IoT feasibility study. In 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 620–627.
Chuanpu Fu, Qi Li, Ke Xu, and Jianping Wu. 2023. Point cloud analysis for ML-based malicious traffic detection: Reducing majorities of false positive alarms. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 1005–1019.
Koji Fujita, Toshiki Shibahara, Daiki Chiba, Mitsuaki Akiyama, and Masato Uchida. 2022. Objection!: Identifying misclassified malicious activities with XAI. In ICC 2022-IEEE International Conference on Communications. IEEE, 2065–2070.
Luigi Gallo, Alessandro Maiello, Alessio Botta, and Giorgio Ventre. 2021. 2 Years in the anti-phishing group of a large company. Computers & Security 105 (2021), 102259.
Yun Gao, Hirokazu Hasegawa, Yukiko Yamaguchi, and Hajime Shimada. 2021. Malware detection using gradient boosting decision trees with customized log loss function. In 2021 International Conference on Information Networking (ICOIN). IEEE, 273–278.
Yun Gao, Hirokazu Hasegawa, Yukiko Yamaguchi, and Hajime Shimada. 2022. Malware detection by control-flow graph level representation learning with graph isomorphism network. IEEE Access 10 (2022), 111830–111841.
Yun Gao, Hirokazu Hasegawa, Yukiko Yamaguchi, and Hajime Shimada. 2022. Malware detection using LightGBM with a custom logistic loss function. IEEE Access 10 (2022), 47792–47804.
Sebastian Garcia, Agustin Parmisano, and Maria Jose Erquiaga. 2020. IoT-23: A labeled dataset with malicious and benign IoT network traffic. (Jan. 2020). DOI: 10.5281/zenodo.4743746
Pedro García-Teodoro, José Antonio Gómez-Hernández, and Alberto Abellán-Galera. 2022. Multi-labeling of complex, multi-behavioral malware samples. Computers & Security 121 (2022), 102845.
Pierre-Francois Gimenez, Jonathan Roux, Eric Alata, Guillaume Auriol, Mohamed Kaaniche, and Vincent Nicomette. 2021. RIDS: Radio intrusion detection and diagnosis system for wireless communications in smart environment. ACM Trans. Cyber-Phys. Syst. 5, 3 (2021), 1–1. 10.1145/3441458
John R. Goodall, Eric D. Ragan, Chad A. Steed, Joel W. Reed, G. David Richardson, Kelly MT Huffer, Robert A. Bridges, and Jason A. Laska. 2018. Situ: Identifying and explaining suspicious behavior in networks. IEEE Transactions on Visualization and Computer Graphics 25, 1 (2018), 204–214.
Robert Gove. 2021. Automatic narrative summarization for visualizing cyber security logs and incident reports. IEEE Transactions on Visualization and Computer Graphics 28, 1 (2021), 1182–1190.
Roman Graf and Ross King. 2018. Neural network and blockchain based technique for cyber threat intelligence and situational awareness. In 2018 10th International Conference on Cyber Conflict (CyCon). IEEE, 409–426.
Michael Guarino, Pablo Rivas, and Casimer DeCusatis. 2020. Towards adversarially robust DDoS-attack classification. In 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). IEEE, 0285–0291.
Alejandro Guerra-Manzanares and Hayretdin Bahsi. 2023. On the application of active learning for efficient and effective IoT botnet detection. Future Generation Computer Systems 141 (2023), 40–53.
Lucas CB Guimarães, Gabriel Antonio F. Rebello, Felipe S. Fernandes, Gustavo F. Camilo, Lucas Airam C. de Souza, Danyel C. dos Santos, Luiz Gustavo CM de Oliveira, and Otto Carlos MB Duarte. 2020. TeMIA-NT: ThrEat monitoring and intelligent data analytics of network traffic. In 2020 4th Conference on Cloud and Internet of Things (CIoT). IEEE, 9–16.
Nitika Gupta, Issa Traore, and Paulo Magella Faria de Quinan. 2019. Automated event prioritization for security operation center using deep learning. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5864–5872.
Chansu Han, Jun-ichi Takeuchi, Takeshi Takahashi, and Daisuke Inoue. 2022. Dark-TRACER: Early detection framework for malware activity based on anomalous spatiotemporal patterns. IEEE Access 10 (2022), 13038–13058.
Ryan Heartfield and George Loukas. 2018. Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework. Computers & Security 76 (2018), 101–127.
Angus FM Huang, Yang Chi-Wei, Hsiao-Chi Tai, Yang Chuan, Jay JC Huang, and Yu-Han Liao. 2019. Suspicious network event recognition using modified stacking ensemble machine learning. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5873–5880.
Lanxiao Huang, Tyler Cody, Christopher Redino, Abdul Rahman, Akshay Kakkar, Deepak Kushwaha, Cheng Wang, Ryan Clark, Daniel Radke, Peter Beling, et al. 2022. Exposing surveillance detection routes via reinforcement learning, attack graphs, and cyber terrain. In 2022 21st IEEE International Conference on Machine Learning and Applications (ICMLA). IEEE, 1350–1357.
Kieran Hughes, Kieran McLaughlin, and Sakir Sezer. 2022. A model-free approach to intrusion response systems. Journal of Information Security and Applications 66 (2022), 103150.
IEEE. IEEE Big Data 2019 Big Data Cup. Retrieved from https://rapid.cis.unimelb.edu.au/BigDataChallenge/Tasks.html. (n.d.). [Accessed 28-12-2024].
Masahiro Ishii, Kento Mori, Ryoichi Kuwana, and Satoshi Matsuura. 2022. Multi-label classification of cybersecurity text with distant supervision. Proceedings of the 17th International Conference on Availability, Reliability and Security. DOI: 10.1145/3538969.3543795
Chadni Islam, M. Ali Babar, Roland Croft, and Helge Janicke. 2022. SmartValidator: A framework for automatic identification and classification of cyber threat data. Journal of Network and Computer Applications 202 (2022), 103370.
Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A multi-vocal review of security orchestration. ACM Computing Surveys (CSUR) 52, 2 (2019), 1–45.
Danish Javeed, Tianhan Gao, Muhammad Shahid Saeed, and Muhammad Taimoor Khan. 2023. FOG-empowered augmented-intelligence-based proactive defensive mechanism for IoT-enabled smart industries. IEEE Internet of Things Journal 10, 21 (2023), 18599–18608.
Yuning Jiang and Yacine Atif. 2021. A selective ensemble model for cognitive cybersecurity analysis. Journal of Network and Computer Applications 193 (2021), 103210.
JupiterOne. 2023. State of Cyber assets report. (2023). Retrieved from https://info.jupiterone.com/hubfs/SCAR%202023/jupiterone_2023-state-of-cyber-assets-report_scar.pdf
Jiaqi Kang, Huiran Yang, Yan Zhang, Yueyue Dai, Mengqi Zhan, and Weiping Wang. 2022. Actdetector: A sequence-based framework for network attack activity detection. In 2022 IEEE Symposium on Computers and Communications (ISCC). IEEE, 1–7.
Leyli Karaçay, Erkay Savaş, and Halit Alptekin. 2020. Intrusion detection over encrypted network data. Comput. J. 63, 1 (2020), 604–619.
Ramanpreet Kaur, Dušan Gabrijelčič, and Tomaž Klobučar. 2023. Artificial intelligence for cybersecurity: Literature review and future research directions. Information Fusion 97 (2023), 101804.
Varol O Kayhan, Manish Agrawal, and Shivendu Shivendu. 2023. Cyber threat detection: Unsupervised hunting of anomalous commands (UHAC). Decision Support Systems 168 (2023), 113928.
Ofir Erets Kdosha, Gilad Rosenthal, Kobi Cohen, Alon Freund, Avishay Bartik, and Aviv Ron. 2020. REMaDD: Resource-efficient malicious domains detector in large-scale networks. IEEE Access 8 (2020), 66327–66337.
Hakan Kekül, Burhan Ergen, and Halil Arslan. 2021. A multiclass hybrid approach to estimating software vulnerability vectors and severity score. Journal of Information Security and Applications 63 (2021), 103028.
Clifford Kemp, Chad Calvert, and Taghi M Khoshgoftaar. 2021. Detecting slow application-layer DoS attacks with PCA. In 2021 IEEE 22nd International Conference on Information Reuse and Integration for Data Science (IRI). IEEE, 176–183.
Egon Kidmose, Matija Stevanovic, Søren Brandbyge, and Jens M Pedersen. 2020. Featureless discovery of correlated and false intrusion alerts. IEEE Access 8 (2020), 108748–108765.
Aechan Kim, Mohyun Park, and Dong Hoon Lee. 2020. AI-IDS: Application of deep learning to real-time web intrusion detection. IEEE Access 8 (2020), 70245–70261.
Danny Kim, Daniel Mirsky, Amir Majlesi-Kupaei, and Rajeev Barua. 2018. A hybrid static tool to increase the usability and scalability of dynamic detection of malware. In 2018 13th International Conference on Malicious and Unwanted Software (MALWARE). IEEE, 115–123.
Heejung Kim and Hwankuk Kim. 2022. Comparative experiment on TTP classification with class imbalance using oversampling from CTI dataset. Security and Communication Networks 2022, 1 (2022), 5021125.
Hongbi Kim, Yongsoo Lee, Eungyu Lee, and Taejin Lee. 2021. Cost-effective valuable data detection based on the reliability of artificial intelligence. IEEE Access 9 (2021), 108959–108974.
Jae-yeol Kim and Hyuk-Yoon Kwon. 2022. Threat classification model for security information event management focusing on model efficiency. Computers & Security 120 (2022), 102789.
Satoru Koda, Yusuke Kambara, Takanori Oikawa, Kazuyoshi Furukawa, Yuki Unno, and Masahiko Murakami. 2020. Anomalous IP address detection on traffic logs using novel word embedding. In 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). IEEE, 1504–1509.
Yuma Kurogome, Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, Syogo Hayashi, Tatsuya Mori, and Koushik Sen. 2019. EIGER: Automated IOC generation for accurate and interpretable endpoint malware detection. In 35th Annual Computer Security Applications Conference. 687–701.
Masaki Kuwano, Momoka Okuma, Satoshi Okada, and Takuho Mitsunaga. 2022. ATT&CK behavior forecasting based on collaborative filtering and graph databases. In 2022 IEEE International Conference on Computing (ICOCO). IEEE, 191–197.
Maxime Lanvin, Pierre-François Gimenez, Yufei Han, Frédéric Majorczyk, Ludovic Mé, and Eric Totel. 2023. Towards understanding alerts raised by unsupervised network intrusion detection systems. In 26th International Symposium on Research in Attacks, Intrusions and Defenses. 135–150.
Outi–Marja Latvala, Ivo Emanuilov, Tatu Niskanen, Pia Raitio, Jarno Salonen, Diogo Santos, and Katerina Yordanova. 2022. Proof-of-concept for a granular incident management information sharing scheme. In 2022 IEEE World AI IoT Congress (AIIoT). 515–520. DOI: 10.1109/AIIoT54504.2022.9817254
Tim Laue, Carsten Kleiner, Kai-Oliver Detken, and Timo Klecker. 2021. A SIEM architecture for multidimensional anomaly detection. In 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). IEEE, 136–142.
David Lazar, Kobi Cohen, Alon Freund, Avishay Bartik, and Aviv Ron. 2021. IMDoC: Identification of malicious domain campaigns via DNS and communicating files. IEEE Access 9 (2021), 45242–45258.
Jonghoon Lee, Jonghyun Kim, Ikkyun Kim, and Kijun Han. 2019. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7 (2019), 165607–165626.
Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, and Dinil Mon Divakaran. 2022. Sierra: Ranking anomalous activities in enterprise networks. In 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). IEEE, 44–59.
Moemedi Lefoane, Ibrahim Ghafir, Sohag Kabir, and Irfan-Ullah Awan. 2023. Latent dirichlet allocation for the detection of multi-stage attacks. In 2023 24th International Arab Conference on Information Technology (ACIT). IEEE, 1–7.
Anying Li and Derek Lin. 2018. Generating interpretable network asset clusters for security analytics. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 2972–2979.
Hao Li, Zhenxiang Chen, Riccardo Spolaor, Qiben Yan, Chuan Zhao, and Bo Yang. 2019. Dart: Detecting unseen malware variants using adaptation regularization transfer learning. In ICC 2019-2019 IEEE International Conference on Communications (ICC). IEEE, 1–6.
Jiacheng Li, Tong Li, Runzi Zhang, Di Wu, Hao Yue, and Zhen Yang. 2023. APM: An attack path-based method for APT attack detection on few-shot learning. In 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 10–19.
Xiu-Ru Liang, Huei-Tang Li, Chiung-Ying Huang, Wei-An Chen, Yi-Feng Chen, Zhi-Jia Gao, Meng-Wei Sun, and Hao-Cheng Chia. 2023. Outlier-based anomaly detection in firewall logs. In 2023 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI). IEEE, 1–10.
Ivandro O Lopes, Deqing Zou, Ihsan H Abdulqadder, Saeed Akbar, Zhen Li, Francis Ruambo, and Wagner Pereira. 2023. Network intrusion detection based on the temporal convolutional model. Computers & Security 135 (2023), 103465.
André Manuel Macedo and João Paulo Magalhães. 2023. Detection of network intrusions using anomaly detection. In 2023 20th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA). IEEE, 1–6.
Stefan Machmeier, Maximilian Hoecker, and Vincent Heuveline. 2023. Explainable artificial intelligence for improving a session-based malware traffic classification with deep learning. In 2023 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, 850–855.
Francesco Marchiori, Mauro Conti, and Nino Vincenzo Verde. 2023. Stixnet: A novel and modular solution for extracting all stix objects in cti reports. In Proceedings of the 18th International Conference on Availability, Reliability and Security. 1–11.
Dan-Georgian Marculet, Razvan Benchea, and Dragos Teodor Gavrilut. 2019. Methods for training neural networks with zero false positives for malware detection. In 2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC). 230–236. DOI: 10.1109/SYNASC49474.2019.00039
Renato Marinho and Raimir Holanda. 2023. Automated emerging cyber threat identification and profiling based on natural language processing. IEEE Access 11 (2023), 58915–58936.
Cláudio Martins and Ibéria Medeiros. 2022. Generating quality threat intelligence leveraging OSINT and a cyber threat unified taxonomy. ACM Trans. Priv. Secur. 25, 3 (2022), 1–39. 10.1145/3530977
Nestor Maslej, Loredana Fattorini, Erik Brynjolfsson, John Etchemendy, Katrina Ligett, Terah Lyons, James Manyika, Helen Ngo, Juan Carlos Niebles, Vanessa Parli, et al. 2023. Artificial intelligence index report 2023. arXiv:2310.03715. Retrieved from https://arxiv.org/abs/2310.03715
Luís Mata, Sinan Wannous, David Duarte, Eva Maia, Pedro Vieira, and Isabel Praça. 2023. On the implementation of a secure and energetically efficient NOC for mobile networks. In 2023 International Conference on Smart Applications, Communications and Networking (SmartNets). IEEE, 1–8.
Rui Mei, Han-Bing Yan, Zhi-Hui Han, and Jian-Chun Jiang. 2021. CTScopy: Hunting cyber threats within enterprise via provenance graph-based analysis. In 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS). IEEE, 28–39.
Otgonpurev Mendsaikhan, Hirokazu Hasegawa, Yukiko Yamaguchi, and Hajime Shimada. 2019. Identification of cybersecurity specific content using the Doc2Vec language model. In 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Vol. 1. IEEE, 396–401.
John Mern, Kyle Hatch, Ryan Silva, Cameron Hickert, Tamim Sookoor, and Mykel J. Kochenderfer. 2022. Autonomous attack mitigation for industrial control systems. In 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE, 28–36.
Mamoru Mimura and Hidema Tanaka. 2017. Long-term performance of a generic intrusion detection method using Doc2vec. In 2017 Fifth International Symposium on Computing and Networking (CANDAR). IEEE, 456–462.
Andrew Morin and Tyler Moore. 2022. Towards cost-balanced intrusion detection in OT environments. In 2022 IEEE Conference on Communications and Network Security (CNS). IEEE, 1–6.
Nour Moustafa and Jill Slay. 2015. UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS). 1–6. DOI: 10.1109/MilCIS.2015.7348942
Yohan Muliono, Mohamad Yusof Darus, Chrisando Ryan Pardomuan, Muhammad Azizi Mohd Ariffin, and Aditya Kurniawan. 2022. Predicting confidentiality, integrity, and availability from SQL injection payload. In 2022 International Conference on Information Management and Technology (ICIMTech). IEEE, 600–605.
Mohammed Saleh Ali Muthanna, Reem Alkanhel, Ammar Muthanna, Ahsan Rafiq, and Wadhah Ahmed Muthanna Abdullah. 2022. Towards SDN-enabled, intelligent intrusion detection system for internet of things (IoT). IEEE Access 10 (2022), 22756–22768.
Joonwoo Myung, Youngmin Ko, Taewoong Kwon, Jun Lee, Kyuil Kim, and Jungsuk Song. 2023. Intrusion detection systems based on machine learning using feature expansion methods. In 2023 18th Asia Joint Conference on Information Security (AsiaJCIS). IEEE, 32–38.
Azqa Nadeem, Sicco Verwer, Stephen Moskal, and Shanchieh Jay Yang. 2021. Alert-driven attack graph generation using s-pdfa. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 731–746.
Carlos Natalino, Marco Schiano, Andrea Di Giglio, and Marija Furdek. 2022. Root cause analysis for autonomous optical network security management. IEEE Transactions on Network and Service Management 19, 3 (2022), 2702–2713.
Mohamed Naveen and Suman De. 2022. Efficient digital assistant workflow for ticket monitoring and dispatching. In 2022 International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON). IEEE, 1–6.
Samuel Ndichu, Tao Ban, Takeshi Takahashi, and Daisuke Inoue. 2021. A machine learning approach to detection of critical alerts from imbalanced multi-appliance threat alert logs, Y. Chen, H. Ludwig, Y. Tu, U. Fayyad, X. Zhu, X. Hu, S. Byna, X. Liu, J. Zhang, S. Pan, V. Papalexakis, J. Wang, A. Cuzzocrea, and C. Ordonez (Eds.). 2021 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2119–2127. DOI: 10.1109/BigData52589.2021.9671956 9th IEEE International Conference on Big Data (IEEE BigData), ELECTR NETWORK, DEC 15-18, 2021.
Samuel Ndichu, Tao Ban, Takeshi Takahashi, and Daisuke Inoue. 2022. Critical-threat-alert detection using online machine learning. In 2022 IEEE International Conference on Big Data (Big Data). IEEE, 3007–3014.
Samuel Ndichu, Tao Ban, Takeshi Takahashi, and Daisuke Inoue. 2022. Security-alert screening with oversampling based on conditional generative adversarial networks. In 2022 17th Asia Joint Conference on Information Security (AsiaJCIS). IEEE, 1–7.
Samuel Ndichu, Tao Ban, Takeshi Takahashi, and Daisuke Inoue. 2023. Machine learning–based security alert screening with focal loss. In 2023 IEEE International Conference on Big Data (BigData). IEEE, 3043–3052.
Euclides Carlos Pinto Neto, Sajjad Dadkhah, and Ali A Ghorbani. 2022. Collaborative DDoS detection in distributed multi-tenant IoT using federated learning. In 2022 19th Annual International Conference on Privacy, Security & Trust (PST). IEEE, 1–10.
Subash Neupane, Jesse Ables, William Anderson, Sudip Mittal, Shahram Rahimi, Ioana Banicescu, and Maria Seale. 2022. Explainable intrusion detection systems (x-ids): A survey of current methods, challenges, and opportunities. IEEE Access 10 (2022), 112392–112415.
Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan. 2019. Gee: A gradient-based explainable variational autoencoder for network anomaly detection. In 2019 IEEE Conference on Communications and Network Security (CNS). IEEE, 91–99.
Taishi Nishiyama, Atsutoshi Kumagai, Kazunori Kamiya, and Kenji Takahashi. 2020. SILU: Strategy involving large-scale unlabeled logs for improving malware detector. 2020 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (ISCC), 524–530. 25th IEEE Symposium on Computers and Communications (ISCC), Rennes, FRANCE, JUL 07-10, 2020.
Francesco Nocera, Simone Demilito, Piergiorgio Ladisa, Marina Mongiello, Awais Aziz Shah, Jawad Ahmad, and Eugenio Di Sciascio. 2022. A user behavior analytics (uba)-based solution using lstm neural network to mitigate ddos attack in fog and cloud environment. In 2022 2nd International Conference of Smart Systems and Emerging Technologies (SMARTTECH). IEEE, 74–79.
Ridwan Nur Wibowo, Parman Sukarno, and Erwid Musthofa Jadied. 2019. NSL-KDD Dataset. https://api.semanticscholar.org/CorpusID:198166203
Håvard Jakobsen Ofte and Sokratis Katsikas. 2023. Understanding situation awareness in SOCs, a systematic literature review. Computers & Security 126 (2023), 103069.
Talha Ongun, Oliver Spohngellert, Benjamin Miller, Simona Boboila, Alina Oprea, Tina Eliassi-Rad, Jason Hiser, Alastair Nottingham, Jack Davidson, and Malathi Veeraraghavan. 2021. PORTFILER: Port-level network profiling for self-propagating malware detection. In 2021 IEEE Conference on Communications and Network Security (CNS). IEEE, 182–190.
Alina Oprea, Zhou Li, Robin Norris, and Kevin Bowers. 2018. Made: Security analytics for enterprise threat detection. In Proceedings of the 34th Annual Computer Security Applications Conference. 124–136.
Alina Oprea, Zhou Li, Robin Norris, and Kevin Bowers. 2018. MADE: Security analytics for enterprise threat detection. Proceedings of the 34th Annual Computer Security Applications Conference, 124–136. DOI: 10.1145/3274694.3274710
Riccardo Orizio, Satyanarayana Vuppala, Stylianos Basagiannis, and Gregory Provan. 2020. Towards an explainable approach for insider threat detection: Constraint network learning. In 2020 International Conference on Intelligent Data Science Technologies and Applications (IDSTA). IEEE, 42–49.
Matthew J. Page, Joanne E. McKenzie, Patrick M. Bossuyt, Isabelle Boutron, Tammy C. Hoffmann, Cynthia D. Mulrow, Larissa Shamseer, Jennifer M. Tetzlaff, Elie A. Akl, Sue E. Brennan, Roger Chou, Julie Glanville, Jeremy M. Grimshaw, Asbjørn Hróbjartsson, Manoj M Lalu, Tianjing Li, Elizabeth W Loder, Evan Mayo-Wilson, Steve McDonald, Luke A. McGuinness, Lesley A. Stewart, James Thomas, Andrea C. Tricco, Vivian A. Welch, Penny Whiting, and David Moher. 2021. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 372 (2021). DOI: 10.1136/bmj.n71 arXiv:https://www.bmj.com/content/372/bmj.n71.full.pdf
Cheolhee Park, Jonghoon Lee, Youngsoo Kim, Jong-Geun Park, Hyunjin Kim, and Dowon Hong. 2022. An enhanced AI-based network intrusion detection system using generative adversarial networks. IEEE Internet of Things Journal 10, 3 (2022), 2330–2345.
Uduwarage Nipun Akalanka Perera, Shanith Rathnayaka, ND Perera, WW Madushanka, and Amila Nuwan Senarathne. 2021. The next gen security operation center. In 2021 6th International Conference for Convergence in Technology (I2CT). IEEE, 1–9.
Vihanga Heshan Perera, Amila Nuwan Senarathne, and Lakmal Rupasinghe. 2019. Intelligent soc chatbot for security operation center. In 2019 International Conference on Advancements in Computing (ICAC). IEEE, 340–345.
Sergio Iglesias Pérez, Santiago Moral-Rubio, and Regino Criado. 2021. A new approach to combine multiplex networks and time series attributes: Building intrusion detection systems (IDS) in cybersecurity. Chaos, Solitons & Fractals 150 (2021), 111143.
Aditya Pingle, Aritran Piplai, Sudip Mittal, Anupam Joshi, James Holt, and Richard Zak. 2020. RelExt: Relation extraction using deep learning approaches for cybersecurity knowledge graph improvement. Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, 879–886. DOI: 10.1145/3341161.3343519
Alfan Presekal, Alexandru Ştefanov, Vetrivel Subramaniam Rajkumar, and Peter Palensky. 2023. Cyber forensic analysis for operational technology using graph-based deep learning. In 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). IEEE, 1–7.
Medha Pujari, Bhanu Prakash Cherukuri, Ahmad Y Javaid, and Weiqing Sun. 2022. An approach to improve the robustness of machine learning based intrusion detection system models against the carlini-wagner attack. In 2022 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 62–67.
Áron Puskás, Eszter Kail, Szandra Laczi, and Anna Bánáti. 2023. Neural network-based log analysis methods for 5G network. In 2023 IEEE 21st Jubilee International Symposium on Intelligent Systems and Informatics (SISY). IEEE, 000589–000594.
Malik Qasaimeh, Rand Abu Hammour, Muneer Bani Yassein, Raad S Al-Qassas, Juan Alfonso Lara Torralbo, and David Lizcano. 2022. Advanced security testing using a cyber-attack forecasting model: A case study of financial institutions. Journal of Software: Evolution and Process 34, 11 (2022), e2489.
Petar Radanliev. 2024. Digital security by design. Security Journal 37, 4 (2024), 1640–1679.
Petar Radanliev. 2024. Integrated cybersecurity for metaverse systems operating with artificial intelligence, blockchains, and cloud computing. Frontiers in Blockchain 7 (2024), 1359130.
Priyanka Ranade, Aritran Piplai, Anupam Joshi, and Tim Finin. 2021. Cybert: Contextualized embeddings for the cybersecurity domain. In 2021 IEEE International Conference on Big Data (Big Data). IEEE, 3334–3342.
Ruby Rani, Gregory Epiphaniou, and Carsten Maple. 2023. Reinforcement learning-based alert prioritisation in security operation centre: A framework for enhancing cybersecurity in the digital economy. In International Conference on AI and the Digital Economy (CADE 2023), Vol. 2023. IET, 151–157.
Madhu Raut, Sunita Dhavale, Amarjit Singh, and Atul Mehra. 2020. Insider threat detection using deep learning: A review. In 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). IEEE, 856–863.
Christopher Redino, Dhruv Nandakumar, Robert Schiller, Kevin Choi, Abdul Rahman, Edward Bowen, Aaron Shaha, Joe Nehila, and Matthew Weeks. 2022. Zero day threat detection using graph and flow based security telemetry. In 2022 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS). IEEE, 655–662.
Matteo Repetto. 2023. Adaptive monitoring, detection, and response for agile digital service chains. Computers & Security 132 (2023), 103343.
Gilad Rosenthal, Ofir Erets Kdosha, Kobi Cohen, Alon Freund, Avishay Bartik, and Aviv Ron. 2020. ARBA: Anomaly and reputation based approach for detecting infected IoT devices. IEEE Access 8 (2020), 145751–145767.
Kevin A Roundy, Acar Tamersoy, Michael Spertus, Michael Hart, Daniel Kats, Matteo Dell’Amico, and Robert Scott. 2017. Smoke detector: Cross-product intrusion detection with weak indicators. In Proceedings of the 33rd Annual Computer Security Applications Conference. 200–211.
Stuart Russell and Peter Norvig. 2021. Artificial Intelligence: A Modern Approach (4th ed.). Prentice Hall.
Stanisław Saganowski. 2020. A three-stage machine learning network security solution for public entities. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 1097–1104.
Sagar Samtani, Hongyi Zhu, and Hsinchun Chen. 2020. Proactively identifying emerging hacker threats from the dark web: A diachronic graph embedding framework (d-gef). ACM Transactions on Privacy and Security (TOPS) 23, 4 (2020), 1–33.
José Carlos Sancho, Andrés Caro, Mar Ávila, and Alberto Bravo. 2020. New approach for threat classification and security risk estimations based on security event management. Future Generation Computer Systems 113 (2020), 488–505.
Vita Santa Barletta, Danilo Caivano, Mirko De Vincentiis, Anibrata Pal, and Francesco Volpe. 2023. Automotive knowledge base for supporting vehicle-SOC analysts. In 2023 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence and Neural Engineering (MetroXRAINE). IEEE, 960–965.
Daniel Schlette, Marco Caselli, and Günther Pernul. 2021. A comparative study on cyber threat intelligence: The security incident response perspective. IEEE Communications Surveys & Tutorials 23, 4 (2021), 2525–2556.
Hichem Sedjelmaci. 2020. Attacks detection approach based on a reinforcement learning process to secure 5g wireless network. In 2020 IEEE International Conference on Communications Workshops (ICC Workshops). IEEE, 1–6.
Hichem Sedjelmaci. 2022. Attacks detection and decision framework based on generative adversarial network approach: Case of vehicular edge computing network. Transactions on Emerging Telecommunications Technologies 33, 10 (10 2022), e4073. DOI: 10.1002/ett.4073
Hichem Sedjelmaci, Fateh Guenab, Aymen Boudguiga, and Yohann Petiot. 2018. Cooperative security framework for CBTC network. In 2018 IEEE International Conference on Communications (ICC). IEEE, 1–6.
Ömer Sen, Philipp Malskorn, Simon Glomb, Immanuel Hacker, Martin Henze, and Andreas Ulbig. 2023. An approach to abstract multi-stage cyberattack data generation for ml-based ids in smart grids. In 2023 IEEE Belgrade PowerTech. IEEE, 01–10.
Giuseppe Settanni, Yegor Shovgenya, Florian Skopik, Roman Graf, Markus Wurzenberger, and Roman Fiedler. 2017. Acquiring cyber threat intelligence through security information correlation. In 2017 3rd IEEE International Conference on Cybernetics (CYBCONF). IEEE, 1–7.
Ankit Shah, Arunesh Sinha, Rajesh Ganesan, Sushil Jajodia, and Hasan Cam. 2020. Two can play that game: An adversarial evaluation of a cyber-alert inspection system. ACM Transactions on Intelligent Systems and Technology (TIST) 11, 3 (2020), 1–20.
Deepesh Shahjee and Nilesh Ware. 2022. Integrated network and security operation center: A systematic analysis. IEEE Access 10 (2022), 27881–27898.
Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghorbani, et al. 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1 (2018), 108–116.
Iman Sharafaldin, Arash Habibi Lashkari, Saqib Hakak, and Ali A Ghorbani. 2019. Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST). IEEE, 1–8.
Haroon Sheikh, Corien Prins, and Erik Schrijvers. 2023. Artificial intelligence: Definition and background. In Mission AI: The New System Technology. Springer, 15–41.
Toshiki Shibahara, Hirokazu Kodera, Daiki Chiba, Mitsuaki Akiyama, Kunio Hato, Ola Söderström, Daniel Dalek, and Masayuki Murata. 2019. Cross-vendor knowledge transfer for managed security services with triplet network. Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, 59–69. DOI: 10.1145/3338501.3357367
Lijian Sun, Yun Zhou, Yanjuan Wang, Cheng Zhu, and Weiming Zhang. 2020. The effective methods for intrusion detection with limited network attack data: Multi-task learning and oversampling. IEEE Access 8 (2020), 185384–185398.
Hatma Suryotrisongko, Yasuo Musashi, Akio Tsuneda, and Kenichi Sugitani. 2022. Robust botnet DGA detection: Blending XAI and OSINT for cyber threat intelligence sharing. IEEE Access 10 (2022), 34613–34624.
Zarrin Tasnim Sworna, Muhammad Ali Babar, and Anjitha Sreekumar. 2023. IRP2API: Automated mapping of cyber security incident response plan to security tools’ APIs. In 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 546–557.
Zarrin Tasnim Sworna, Chadni Islam, and Muhammad Ali Babar. 2023. APIRO: A framework for automated security tools API recommendation. ACM Trans. Softw. Eng. Methodol. 32, 1 (2 2023), 1–42. 10.1145/3512768
Mateusz Szczepański, Michał Choraś, Marek Pawlicki, and Rafał Kozik. 2020. Achieving explainability of intrusion detection system by hybrid oracle-explainer approach. In 2020 International Joint Conference on Neural Networks (IJCNN). IEEE, 1–8.
Baoming Tang, Qiaona Hu, and Derek Lin. 2017. Reducing false positives of user-to-entity first-access alerts for user behavior analytics. In 2017 IEEE International Conference on Data Mining Workshops (ICDMW). IEEE, 804–811.
Paul Theron, Alexander Kott, Martin Drašar, Krzysztof Rzadca, Benoît LeBlanc, Mauno Pihelgas, Luigi Mancini, and Agostino Panico. 2018. Towards an active, autonomous and intelligent cyber defense of military systems: The NATO AICA reference architecture. In 2018 International Conference on Military Communications and Information Systems (ICMCIS). IEEE, 1–9.
Hauton Tsang, Mohammad A Salahuddin, Noura Limam, and Raouf Boutaba. 2023. Meta-ATMoS+: A meta-reinforcement learning framework for threat mitigation in software-defined networks. In 2023 IEEE 48th Conference on Local Computer Networks (LCN). IEEE, 1–9.
Andrea Tundis, Samuel Ruppert, and Max Mühlhäuser. 2022. A feature-driven method for automating the assessment of osint cyber threat sources. Computers & Security 113 (2022), 102576.
Uğur Ünal and Hasan Dağ. 2022. Anomalyadapters: Parameter-efficient multi-anomaly task detection. IEEE Access 10 (2022), 5635–5646.
Uğur Ünal, Ceyda Nur Kahya, Yaprak Kurtlutepe, and Hasan Dağ. 2021. Investigation of cyber situation awareness via SIEM tools: A constructive review. In 2021 6th International Conference on Computer Science and Engineering (UBMK). IEEE, 676–681.
Rohit Valecha, Pranali Mandaokar, and H Raghav Rao. 2021. Phishing email detection using persuasion cues. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 747–756.
Thijs Van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel, and Giovanni Vigna. 2022. Deepcase: Semi-supervised contextual analysis of security events. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 522–539.
Meble Varghese and M Victor Jose. 2022. Optimal trained deep maxout model for intrusion detection in cloud. In 2022 International Conference on Automation, Computing and Renewable Systems (ICACRS). IEEE, 1220–1227.
Seba Anna Varghese, Alireza Dehlaghi Ghadim, Ali Balador, Zahra Alimadadi, and Panos Papadimitratos. 2022. Digital twin-based intrusion detection for industrial control systems. In 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). IEEE, 611–617.
Sridhar Venkatesan, Harshvardhan Sikka, Rauf Izmailov, Ritu Chadha, Alina Oprea, and Michael J De Lucia. 2021. Poisoning attacks and data sanitization mitigations for machine learning models in network intrusion detection systems. In MILCOM 2021-2021 IEEE Military Communications Conference (MILCOM). IEEE, 874–879.
Manfred Vielberth, Fabian Böhm, Ines Fichtinger, and Günther Pernul. 2020. Security operations center: A systematic study and open challenges. IEEE Access 8 (2020), 227756–227779.
Quang Hieu Vu, Dymitr Ruta, and Ling Cen. 2019. Gradient boosting decision trees for cyber security threats detection based on network events logs. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5921–5928.
AM Vulfin. 2023. Detection of network attacks in a heterogeneous industrial network based on machine learning. Programming and Computer Software 49, 4 (2023), 333–345.
Yatin Wadhawan and Clifford Neuman. 2018. Rl-bags: A tool for smart grid risk assessment. In 2018 International Conference on Smart Grid and Clean Energy Technologies (ICSGCE). IEEE, 7–14.
Tian Wang, Chen Zhang, Zhigang Lu, Dan Du, and Yaopeng Han. 2019. Identifying truly suspicious events and false alarms based on alert graph. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5929–5936.
Xuren Wang, Rong Chen, Binghua Song, Jie Yang, Zhengwei Jiang, Xiaoqing Zhang, Xiaomeng Li, and Shengqin Ao. 2021. A method for extracting unstructured threat intelligence based on dictionary template and reinforcement learning. In 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 262–267.
Yifeng Wang, Yuanbo Guo, and Chen Fang. 2022. An end-to-end method for advanced persistent threats reconstruction in large-scale networks based on alert and log correlation. Journal of Information Security and Applications 71 (2022), 103373.
Arkadiusz Warzyński, Patryk Schauer, and Łukasz Falas. 2021. Regional center of cybersecurity anomaly detection module efficiency in network monitoring scenarios. In 2021 IEEE 30th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). IEEE, 107–112.
Łukasz Wawrowski, Marcin Michalak, Andrzej Białas, Rafał Kurianowicz, Marek Sikora, Mariusz Uchroński, and Adrian Kajzer. 2021. Detecting anomalies and attacks in network traffic monitoring with classification methods and XAI-based explainability. Procedia Computer Science 192 (2021), 2259–2268.
Peilun Wu and Hui Guo. 2022. Holmes: An efficient and lightweight semantic based anomalous email detector. In 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 1360–1367.
Peilin Wu, Jinlei Li, Yan Meng, and Haojin Zhu. 2019. An ensemble approach for suspicious traffic detection from high recall network alerts. In 2019 IEEE International Conference on Big Data (Big Data). IEEE, 5937–5944.
Shuning Wu, Joel Fulton, Ningwei Liu, Charles Feng, and Ligang Zhang. 2019. Risky host detection with bias reduced semi-supervised learning. Proceedings of the 2019 International Conference on Artificial Intelligence and Computer Science, 34–40. DOI: 10.1145/3349341.3349365
Anli Yan, Zhenxiang Chen, Riccardo Spolaor, Shuaishuai Tan, Chuan Zhao, Lizhi Peng, and Bo Yang. 2020. Network-based malware detection with a two-tier architecture for online incremental update. In 2020 IEEE/ACM 28th International Symposium on Quality of Service (IWQoS). IEEE, 1–10.
Huiran Yang, Jiaqi Kang, Yueyue Dai, Jiyan Sun, Yan Zhang, Huajun Cui, and Can Ma. 2023. LActDet: An automatic network attack activity detection framework for multi-step attacks. In 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 676–685.
Huiran Yang, Yan Zhang, Yueyue Dai, Jiyan Sun, Huajun Cui, Can Ma, and Weiping Wang. 2023. CACluster: A clustering approach for IoT attack activities based on contextual analysis. In 2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS). IEEE, 1809–1816.
Jin Yang, Tao Li, Gang Liang, Wenbo He, and Yue Zhao. 2019. A simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access 7 (2019), 83286–83296.
Zhen Yang, Xiaodong Liu, Tong Li, Di Wu, Jinjiang Wang, Yunwei Zhao, and Han Han. 2022. A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Computers & Security 116 (2022), 102675.
Waleed A. Yousef, Issa Traoré, and William Briguglio. 2022. Classifier calibration: with application to threat scores in cybersecurity. IEEE Transactions on Dependable and Secure Computing 20, 3 (2022), 1994–2010.
Syed Rameem Zahra, Mohammad Ahsan Chishti, Asif Iqbal Baba, and Fan Wu. 2022. Detecting Covid-19 chaos driven phishing/malicious URL attacks by a fuzzy logic and data mining based intelligence system. Egyptian Informatics Journal 23, 2 (2022), 197–214.
Jun Zengy, Xiang Wang, Jiahao Liu, Yinfang Chen, Zhenkai Liang, Tat-Seng Chua, and Zheng Leong Chua. 2022. Shadewatcher: Recommendation-guided cyber threat analysis using system audit records. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 489–506.
Fengli Zhang, Philip Huff, Kylie McClanahan, and Qinghua Li. 2020. A machine learning-based approach for automated vulnerability remediation analysis. In 2020 IEEE Conference on Communications and Network Security (CNS). IEEE, 1–9.
Yizhe Zhang, Hongying Dong, Alastair Nottingham, Molly Buchanan, Donald E Brown, and Yixin Sun. 2023. Global analysis with aggregation-based beaconing detection across large campus networks. In Proceedings of the 39th Annual Computer Security Applications Conference. 565–579.
Ziani Zineb, Emad Nahid, and Bouaziz Ahmed. 2023. A novel approach to parallel anomaly detection: Application in cybersecurity. In 2023 IEEE International Conference on Big Data (BigData). IEEE, 3574–3583.