AI-Driven Automation in Cyber Incident Response: Key Challenges, Opportunities, and Future Directions
Keywords: Artificial Intelligence, Cybersecurity, Incident Response, Automation, Explainable AI, Threat Detection, Response Time, Human-AI Collaboration, Simulation, Trust in AI.
Abstract
Cyber threats are becoming more frequent and more complex, so faster and smarter ways of responding to them are needed. This study examined the role of Artificial Intelligence (AI) in automating cyber incident response, focusing on how effective it is, what problems it faces, and what opportunities it creates. A mixed-methods approach was used, combining tests of AI-based tools in simulated cyber-attack scenarios with interviews of cybersecurity experts. The results showed that AI tools substantially reduced detection and response times while remaining accurate at identifying and containing threats. However, concerns regarding trust, explainability, and integration with legacy systems emerged as key barriers to adoption. The results imply that AI can change cybersecurity for the better, but its success depends on building transparent, interpretable systems that complement human expertise. These insights are useful for organizations that want to use AI to improve their incident response capability.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, users must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.