{"id":"https://openalex.org/W4413060418","doi":"https://doi.org/10.1145/3747587","title":"Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review","display_name":"Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review","publication_year":2025,"publication_date":"2025-07-18","ids":{"openalex":"https://openalex.org/W4413060418","doi":"https://doi.org/10.1145/3747587"},"language":"en","primary_location":{"id":"doi:10.1145/3747587","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3747587","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3747587","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043660181","display_name":"Despoina Giarimpampa","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":true,"raw_author_name":"Despoina Giarimpampa","raw_affiliation_strings":["SnT, University of Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003682993","display_name":"Roland Meier","orcid":"https://orcid.org/0000-0002-8268-9037"},"institutions":[{"id":"https://openalex.org/I4210102027","display_name":"Cyber Defense Agency (United States)","ror":"https://ror.org/016hg3c35","country_code":"US","type":"company","lineage":["https://openalex.org/I4210102027"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Roland Meier","raw_affiliation_strings":["Cyber-Defense Campus, armasuisse"],"affiliations":[{"raw_affiliation_string":"Cyber-Defense Campus, armasuisse","institution_ids":["https://openalex.org/I4210102027"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082835974","display_name":"Tegawend\u00e9 F. Bissyand\u00e9","orcid":"https://orcid.org/0000-0001-7270-9869"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Tegawend\u00e9 F. Bissyande","raw_affiliation_strings":["SnT, University of Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048330561","display_name":"Vincent Lenders","orcid":"https://orcid.org/0000-0002-2289-3722"},"institutions":[{"id":"https://openalex.org/I4210102027","display_name":"Cyber Defense Agency (United States)","ror":"https://ror.org/016hg3c35","country_code":"US","type":"company","lineage":["https://openalex.org/I4210102027"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vincent Lenders","raw_affiliation_strings":["Cyber-Defense Campus, armasuisse"],"affiliations":[{"raw_affiliation_string":"Cyber-Defense Campus, armasuisse","institution_ids":["https://openalex.org/I4210102027"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040326968","display_name":"Jacques Klein","orcid":"https://orcid.org/0000-0003-4052-475X"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Jacques Klein","raw_affiliation_strings":["SnT, University of Luxembourg"],"affiliations":[{"raw_affiliation_string":"SnT, University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5043660181"],"corresponding_institution_ids":["https://openalex.org/I186903577"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.22094135,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"58","issue":"3","first_page":"1","last_page":"38"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8398679494857788},{"id":"https://openalex.org/keywords/transformative-learning","display_name":"Transformative learning","score":0.6914434432983398},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.6909237504005432},{"id":"https://openalex.org/keywords/applications-of-artificial-intelligence","display_name":"Applications of artificial intelligence","score":0.48045700788497925},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4411919116973877},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3918297290802002},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.34001827239990234},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3312295973300934},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.08739307522773743}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8398679494857788},{"id":"https://openalex.org/C70587473","wikidata":"https://www.wikidata.org/wiki/Q7834111","display_name":"Transformative learning","level":2,"score":0.6914434432983398},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.6909237504005432},{"id":"https://openalex.org/C157170001","wikidata":"https://www.wikidata.org/wiki/Q4781507","display_name":"Applications of artificial intelligence","level":2,"score":0.48045700788497925},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4411919116973877},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3918297290802002},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.34001827239990234},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3312295973300934},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.08739307522773743},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C19417346","wikidata":"https://www.wikidata.org/wiki/Q7922","display_name":"Pedagogy","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3747587","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3747587","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},{"id":"pmh:oai:orbilu.uni.lu:10993/65910","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/65910","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"ACM Computing Surveys (2025-07-18)","raw_type":"peer reviewed"}],"best_oa_location":{"id":"doi:10.1145/3747587","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3747587","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":119,"referenced_works":["https://openalex.org/W2296509296","https://openalex.org/W2775173651","https://openalex.org/W2793841683","https://openalex.org/W2808052182","https://openalex.org/W2894279555","https://openalex.org/W2897186630","https://openalex.org/W2903094299","https://openalex.org/W2907611437","https://openalex.org/W2909729792","https://openalex.org/W2911518933","https://openalex.org/W2914442069","https://openalex.org/W2931993367","https://openalex.org/W2943546107","https://openalex.org/W2951944995","https://openalex.org/W2973227796","https://openalex.org/W2977483674","https://openalex.org/W2984027397","https://openalex.org/W2984365331","https://openalex.org/W2987485128","https://openalex.org/W2988926356","https://openalex.org/W2996415795","https://openalex.org/W3000539293","https://openalex.org/W3013517283","https://openalex.org/W3015183627","https://openalex.org/W3015592103","https://openalex.org/W3016266335","https://openalex.org/W3034563243","https://openalex.org/W3038151835","https://openalex.org/W3043354127","https://openalex.org/W3046344056","https://openalex.org/W3047988770","https://openalex.org/W3086302916","https://openalex.org/W3092115540","https://openalex.org/W3111749540","https://openalex.org/W3118615836","https://openalex.org/W3133508593","https://openalex.org/W3138770802","https://openalex.org/W3154632051","https://openalex.org/W3174167500","https://openalex.org/W3175986283","https://openalex.org/W3178738300","https://openalex.org/W3187784453","https://openalex.org/W3196518598","https://openalex.org/W3198775197","https://openalex.org/W3201894803","https://openalex.org/W3204342889","https://openalex.org/W3204378102","https://openalex.org/W3205075735","https://openalex.org/W3205263675","https://openalex.org/W3206613716","https://openalex.org/W3209498073","https://openalex.org/W4200000055","https://openalex.org/W4200127324","https://openalex.org/W4200281531","https://openalex.org/W4205244689","https://openalex.org/W4205434581","https://openalex.org/W4205462435","https://openalex.org/W4206985935","https://openalex.org/W4207005940","https://openalex.org/W4212929843","https://openalex.org/W4212973109","https://openalex.org/W4214699222","https://openalex.org/W4214752923","https://openalex.org/W4220837030","https://openalex.org/W4220954340","https://openalex.org/W4220955296","https://openalex.org/W4221018331","https://openalex.org/W4225657853","https://openalex.org/W4225690445","https://openalex.org/W4226139221","https://openalex.org/W4226366790","https://openalex.org/W4229968241","https://openalex.org/W4240134866","https://openalex.org/W4241644794","https://openalex.org/W4242113544","https://openalex.org/W4254526136","https://openalex.org/W4280596655","https://openalex.org/W4281727634","https://openalex.org/W4285101262","https://openalex.org/W4285231602","https://openalex.org/W4285413689","https://openalex.org/W4285483571","https://openalex.org/W4286776272","https://openalex.org/W4290739668","https://openalex.org/W4293192745","https://openalex.org/W4293211096","https://openalex.org/W4293234391","https://openalex.org/W4294811044","https://openalex.org/W4300662927","https://openalex.org/W4302809583","https://openalex.org/W4304759028","https://openalex.org/W4306406240","https://openalex.org/W4308038407","https://openalex.org/W4310762541","https://openalex.org/W4311165758","https://openalex.org/W4311693894","https://openalex.org/W4312384107","https://openalex.org/W4312942615","https://openalex.org/W4313116287","https://openalex.org/W4316042112","https://openalex.org/W4322722384","https://openalex.org/W4323797275","https://openalex.org/W4328051075","https://openalex.org/W4365445198","https://openalex.org/W4381137026","https://openalex.org/W4381733063","https://openalex.org/W4382583148","https://openalex.org/W4385343489","https://openalex.org/W4386566012","https://openalex.org/W4387576480","https://openalex.org/W4388867283","https://openalex.org/W4389387669","https://openalex.org/W4394850279","https://openalex.org/W4399120257","https://openalex.org/W4399120349","https://openalex.org/W4399803470","https://openalex.org/W4400977496","https://openalex.org/W4402957865","https://openalex.org/W4403432357"],"related_works":["https://openalex.org/W2158491338","https://openalex.org/W2807901368","https://openalex.org/W2133733652","https://openalex.org/W2072658171","https://openalex.org/W2606392311","https://openalex.org/W2320042380","https://openalex.org/W4385956668","https://openalex.org/W2900895161","https://openalex.org/W4380838366","https://openalex.org/W2539884462"],"abstract_inverted_index":{"Artificial":[0],"intelligence":[1],"(AI)":[2],"is":[3],"reshaping":[4],"Security":[5],"Operations":[6],"Centers":[7],"(SOCs).":[8],"This":[9],"systematic":[10],"literature":[11],"review":[12],"analyses":[13],"AI\u2019s":[14],"transformative":[15],"impact":[16],"across":[17],"the":[18,54,67],"NIST":[19],"Cybersecurity":[20],"Framework.":[21],"The":[22],"analysis":[23],"of":[24,36,42,56,61,70],"189":[25],"papers":[26,83],"related":[27],"to":[28],"AI":[29,37,58],"use-cases":[30],"for":[31,38,82],"SOCs":[32],"shows":[33],"widespread":[34],"application":[35],"detection,":[39],"with":[40,91],"65%":[41],"studies":[43,62],"focusing":[44],"on":[45,64,77],"it.":[46],"Yet,":[47],"it":[48],"also":[49],"reveals":[50],"deficiencies":[51],"in":[52,93],"recovery,":[53],"underutilisation":[55],"explainable":[57],"models\u2014with":[59],"88%":[60],"relying":[63],"non-explainable":[65],"approaches\u2014":[66],"sporadic":[68],"release":[69],"tools":[71],"as":[72],"open-source":[73],"and":[74,88,96],"an":[75],"over-reliance":[76],"proprietary":[78],"datasets.":[79],"Common":[80],"motivations":[81],"include":[84],"efficiency,":[85],"error":[86],"reduction,":[87],"cost":[89],"savings,":[90],"challenges":[92],"data":[94],"reliance,":[95],"integration":[97],"complexity.":[98]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}