Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature Review
Field | Value |
---|---|
Main Authors | Mohamad Khayat, Ezedin Barka, Mohamed Adel Serhani, Farag Sallabi, Khaled Shuaib, Heba M. Khater |
Format | Article |
Language | English |
Published | IEEE, 2025-01-01 |
Series | IEEE Access |
Subjects | Artificial intelligence; cybersecurity; cyber threats; healthcare security; incident response; machine learning |
Online Access | https://ieeexplore.ieee.org/document/10850912/ |
Field | Value |
---|---|
author | Mohamad Khayat, Ezedin Barka, Mohamed Adel Serhani, Farag Sallabi, Khaled Shuaib, Heba M. Khater |
collection | DOAJ |
description | Organizational cybersecurity relies heavily on security operation centers (SOCs) to protect businesses and institutions from emerging cyber threats. In recent years, the complexity and sophistication of cyber threats have increased, pushing SOCs to their limits. As a result, SOCs struggle to address the evolving threat landscape due to their reliance on isolated technologies and reactive strategies. However, advanced technologies, such as artificial intelligence (AI) and machine learning (ML), have the potential to revolutionize SOCs by enhancing threat identification and response capabilities, as well as predicting and preempting risks. To address these challenges and highlight the full potential of SOCs, this study provides a detailed overview through a comprehensive literature review that identifies gaps in existing research and examines the latest technologies used in the SOC environment to help address different operational and technical challenges and bring out their capabilities. Various methods, ranging from automated incident response and behavioral analytics to neural networks and deep learning, are classified and compared. In addition, an in-depth reference architectural model, a blueprint for integrating AI and ML into SOCs, is introduced. The proposed model provides a structured framework for implementation and offers insights into different SOC components and their interactions. Moreover, this systematic review emphasizes the benefits of these technologies for enhancing security operations. Finally, a case study is presented to describe the function of ML- and AI-powered SOC components in achieving optimum security. The paper concludes by discussing additional challenges and future research directions that may help advance the cybersecurity sector and provide insights into improving SOCs. |
format | Article |
id | doaj-art-c0ca62ce3da542a7a860fd5acc4bea25 |
institution | Kabale University |
issn | 2169-3536 |
language | English |
publishDate | 2025-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
doi | 10.1109/ACCESS.2025.3532951 |
volume / pages | 13, pp. 19162–19197 (IEEE Xplore article number 10850912) |
author details | Mohamad Khayat (https://orcid.org/0000-0002-1774-786X), College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates; Ezedin Barka (https://orcid.org/0000-0002-3995-7198), College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates; Mohamed Adel Serhani (https://orcid.org/0000-0001-7001-3710), College of Computing and Informatics, University of Sharjah, Sharjah, United Arab Emirates; Farag Sallabi (https://orcid.org/0000-0002-2887-5410), College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates; Khaled Shuaib (https://orcid.org/0000-0003-1397-0420), College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates; Heba M. Khater (https://orcid.org/0000-0002-6394-3482), College of Information Technology, United Arab Emirates University, Al Ain, United Arab Emirates |
topic | Artificial intelligence; cybersecurity; cyber threats; healthcare security; incident response; machine learning |
url | https://ieeexplore.ieee.org/document/10850912/ |