The Paradigm of Hallucinations in AI-driven cybersecurity systems: Understanding taxonomy, classification outcomes, and mitigations

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-04-04 DOI:10.1016/j.compeleceng.2025.110307

Aditya K Sood , Sherali Zeadally , EenKee Hong

{"title":"The Paradigm of Hallucinations in AI-driven cybersecurity systems: Understanding taxonomy, classification outcomes, and mitigations","authors":"Aditya K Sood , Sherali Zeadally , EenKee Hong","doi":"10.1016/j.compeleceng.2025.110307","DOIUrl":null,"url":null,"abstract":"<div><div>The adoption of AI to solve cybersecurity problems is occurring exponentially. However, AI-driven cybersecurity systems face significant challenges due to the impact of hallucinations in Large Language Models (LLMs). In AI-driven cybersecurity systems, hallucinations refer to instances when an AI model generates fabricated, inaccurate, and misleading information that impacts the security posture of organizations. This failure to recognize and misreport security threats identifies benign activities as malicious, invents insights not grounded to actual cyber threats, and causes real threats to go undetected due to erroneous interpretations. Hallucinations are a critical problem in AI-driven cybersecurity because they can lead to severe vulnerabilities, erode trust in automated systems, and divert resources to address non-existent threats. In cybersecurity, where real-time, accurate insights are vital, hallucinated outputs—such as mistakenly generated alerts, can cause a misallocation of time and resources. It is crucial to address hallucinations by improving LLM accuracy, grounding outputs in real-time data, and implementing human oversight mechanisms to ensure that AI-based cybersecurity systems remain trustworthy, reliable, and capable of defending against sophisticated threats. We present a taxonomy of hallucinations in LLMs for cybersecurity, including mapping LLM responses to classification outcomes (confusion matrix components). Finally, we discuss mitigation strategies to combat hallucinations.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"124 ","pages":"Article 110307"},"PeriodicalIF":4.0000,"publicationDate":"2025-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625002502","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The adoption of AI to solve cybersecurity problems is occurring exponentially. However, AI-driven cybersecurity systems face significant challenges due to the impact of hallucinations in Large Language Models (LLMs). In AI-driven cybersecurity systems, hallucinations refer to instances when an AI model generates fabricated, inaccurate, and misleading information that impacts the security posture of organizations. This failure to recognize and misreport security threats identifies benign activities as malicious, invents insights not grounded to actual cyber threats, and causes real threats to go undetected due to erroneous interpretations. Hallucinations are a critical problem in AI-driven cybersecurity because they can lead to severe vulnerabilities, erode trust in automated systems, and divert resources to address non-existent threats. In cybersecurity, where real-time, accurate insights are vital, hallucinated outputs—such as mistakenly generated alerts, can cause a misallocation of time and resources. It is crucial to address hallucinations by improving LLM accuracy, grounding outputs in real-time data, and implementing human oversight mechanisms to ensure that AI-based cybersecurity systems remain trustworthy, reliable, and capable of defending against sophisticated threats. We present a taxonomy of hallucinations in LLMs for cybersecurity, including mapping LLM responses to classification outcomes (confusion matrix components). Finally, we discuss mitigation strategies to combat hallucinations.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.