Enhancing cybersecurity incident response: AI-driven optimization for strengthened advanced persistent threat detection
The Cyber Security Incident Response Team carries out its critical duties in centralized Security Operation Centers. Its primary goal is to protect organizational resources from all types of Advanced Persistent Threats (APTs) and attacks while making the correct judgments at the right time. Despi...
Saved in:
Main Authors: | Gauhar Ali, Sajid Shah, Mohammed ElAffendi |
---|---|
Format: | Article |
Language: | English |
Published: | Elsevier, 2025-03-01 |
Series: | Results in Engineering |
Subjects: | Cybersecurity incident response; Machine learning; Security information and event management |
Online Access: | http://www.sciencedirect.com/science/article/pii/S2590123025001665 |
author | Gauhar Ali; Sajid Shah; Mohammed ElAffendi |
---|---|
collection | DOAJ |
description | The Cyber Security Incident Response Team carries out its critical duties in centralized Security Operation Centers. Its primary goal is to protect organizational resources from all types of Advanced Persistent Threats (APTs) and attacks while making the correct judgments at the right time. Despite considerable effort and capable tooling, the incident response mechanism faces two significant challenges: the generation of large volumes of alerts with high false-positive rates per unit of time, and the time-consuming manual engagement of experts in the post-alert decision phase. The main aim of this research study is to investigate the potential of Machine Learning techniques for addressing these two challenges. This study proposes six event detection modules that identify 14 different types of malicious behavior using Splunk. The available APT dataset is extended by adding more alert types. Machine learning techniques, namely Random Forest and XGBoost, are then applied to improve the decision process and reduce the false-positive alerts of the Security Information and Event Management (SIEM) system. The proposed model outperforms state-of-the-art techniques, achieving an accuracy of 99.6%. |
format | Article |
id | doaj-art-e49eaa062eb04bc397724be89a2235b4 |
institution | Kabale University |
issn | 2590-1230 |
language | English |
publishDate | 2025-03-01 |
publisher | Elsevier |
record_format | Article |
series | Results in Engineering |
affiliations | Gauhar Ali (corresponding author), Sajid Shah, Mohammed ElAffendi: EIAS Data Science Lab, College of Computer and Information Sciences, Prince Sultan University, Riyadh, 11586, Saudi Arabia |
volume | 25 |
article_number | 104078 |
keywords | Cybersecurity incident response; Machine learning; Security information and event management |
topic | Cybersecurity incident response Machine learning Security information and event management |
url | http://www.sciencedirect.com/science/article/pii/S2590123025001665 |
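As an added example (not the paper's code, and using constructed events and labels rather than its APT dataset or Splunk modules), the following Python sketches the pipeline the abstract describes: a detection module raises brute-force alerts from raw authentication events, each alert is turned into a feature vector, and a single Gini decision tree, the building block of both Random Forest and XGBoost, is trained on analyst-labelled past alerts to suppress likely false positives before they reach the responder. The threshold of four failures in sixty seconds, the internal/external split on 10.x addresses, the feature set and every log line and label are assumptions chosen for the illustration.

```python
"""Toy alert pipeline in the spirit of the paper: a detection module raises
alerts from raw authentication events, each alert becomes a feature vector,
and a decision tree learned from labelled past alerts (the building block of
Random Forest and XGBoost) decides which alerts reach an analyst.
Every event, label and threshold below is constructed for illustration and
is not taken from the paper's dataset or its Splunk modules."""
from collections import defaultdict

# Constructed authentication events: (timestamp_seconds, src_ip, user, outcome)
EVENTS = [
    (0, "203.0.113.7", "alice", "fail"), (5, "203.0.113.7", "bob", "fail"),
    (9, "203.0.113.7", "carol", "fail"), (14, "203.0.113.7", "dave", "fail"),
    (20, "203.0.113.7", "dave", "success"),   # password spray that worked
    (100, "10.0.0.5", "erin", "fail"), (130, "10.0.0.5", "erin", "fail"),
    (150, "10.0.0.5", "erin", "fail"), (160, "10.0.0.5", "erin", "fail"),
    (400, "10.0.0.9", "frank", "success"),    # ordinary login, never alerts
]

# Constructed analyst-labelled history: feature vector -> 1 (true positive)
# or 0 (false positive). Features: failures, distinct_users, success_after,
# internal_source. Assumed labels, not real triage outcomes.
TRAIN = [
    ((4, 4, 1, 0), 1), ((6, 5, 0, 0), 1), ((5, 1, 1, 0), 1), ((4, 1, 0, 1), 0),
    ((7, 1, 0, 1), 0), ((4, 1, 0, 0), 0), ((5, 3, 0, 1), 1), ((9, 1, 0, 1), 0),
]


def detect_bruteforce(events, window=60, threshold=4):
    """Detection module: one alert per source that logs at least `threshold`
    failed logins inside a `window`-second span, with the evidence attached."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((ts, user, outcome))
    alerts = []
    for src, evs in by_src.items():
        fails = [(ts, user) for ts, user, outcome in evs if outcome == "fail"]
        for start, _ in fails:
            burst = [f for f in fails if start <= f[0] <= start + window]
            if len(burst) < threshold:
                continue
            last = burst[-1][0]
            success_after = any(o == "success" and last <= ts <= last + window
                                for ts, _, o in evs)
            alerts.append({"src": src, "failures": len(burst),
                           "distinct_users": len({u for _, u in burst}),
                           "success_after": success_after,
                           "internal": src.startswith("10.")})  # assumed RFC1918 convention
            break  # report the first qualifying burst only
    return alerts


def features(alert):
    """Flatten an alert into the numeric vector the model was trained on."""
    return (alert["failures"], alert["distinct_users"],
            int(alert["success_after"]), int(alert["internal"]))


def gini(labels):
    """Gini impurity of a binary label list (0.0 means a pure node)."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) ** 2


def best_split(rows):
    """Try every feature and every midpoint threshold; keep the split with the
    lowest weighted Gini impurity. Returns (score, feature, threshold) or None."""
    best = None
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= thr]
            right = [y for x, y in rows if x[f] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, thr)
    return best


def build_tree(rows, depth=0, max_depth=3):
    """Recursive CART-style tree. A leaf is an int label; an inner node is
    (feature, threshold, left_subtree, right_subtree). Ties escalate (1)."""
    labels = [y for _, y in rows]
    majority = int(2 * sum(labels) >= len(labels))
    if depth == max_depth or gini(labels) == 0.0:
        return majority
    split = best_split(rows)
    if split is None:
        return majority
    _, f, thr = split
    left = [r for r in rows if r[0][f] <= thr]
    right = [r for r in rows if r[0][f] > thr]
    return (f, thr, build_tree(left, depth + 1, max_depth),
            build_tree(right, depth + 1, max_depth))


def predict(tree, x):
    """Walk the tree from the root to a leaf label for feature vector x."""
    while isinstance(tree, tuple):
        f, thr, left, right = tree
        tree = left if x[f] <= thr else right
    return tree


def triage(events, tree):
    """Run detection, then let the model decide which alerts an analyst sees."""
    return [(a["src"], "escalate" if predict(tree, features(a)) else "suppress")
            for a in detect_bruteforce(events)]


if __name__ == "__main__":
    model = build_tree(TRAIN)
    for src, decision in triage(EVENTS, model):
        print(src, decision)
```

Running it escalates the external password spray (many distinct users, followed by a success) and suppresses the internal single-user lockout; on this training set the learned root split is on distinct users, with success-after-failures deciding the single-user branch. A production deployment would train on far more labelled alerts and, as the paper does, use an ensemble rather than one tree, but the detection-to-features-to-decision plumbing is the same.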