Design and Computational Modeling of an AI-Based Automated Cybersecurity Incident Response System

Impact factor 3.6; CAS tier 3 (Computer Science); JCR Q2, Computer Science, Information Systems
Jiehao Zhang; Simin Li; Weiwei Huang; Haoxin Jing; Qin Zhang; Xing Xia
IEEE Access, vol. 13, pp. 154383-154394, published 2025-08-29 (journal article)
DOI: 10.1109/ACCESS.2025.3603975
Publisher page: https://ieeexplore.ieee.org/document/11145017/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11145017
Record source: Semantic Scholar
Citations: 0

Abstract

Modern cybersecurity operations face unsustainable alert volumes, averaging 22000 weekly alerts with 68% false positives, overwhelming defenses and delaying incident response due to limitations in conventional SOAR platforms. To address this, an AI-driven Automated Incident Response (AIR) system is proposed, integrating STIX/TAXII multimodal fusion for unified data ingestion, attention-LSTM networks for adaptive threat recognition across temporal sequences, Bayesian game-theoretic decision layers for strategic response planning, and DRL validation for real-time optimization. This architecture reduces false negatives by 42% in C2 tunneling detection and achieves Nash equilibrium in 97.3% of adversarial engagements. Rigorous testing on hybrid infrastructure datasets (100K normal events, 20K DDoS, 5K C2 attacks) demonstrates a 93% mean F1-score across attack scenarios, end-to-end latency of 58.3 ms, and $12.5\times$ higher strategy updates/sec versus baselines. Compared to existing models, the system improves detection F1 by 10.7%, reduces false positives by 39%, and enhances energy efficiency to 1850 events/Joule ($2.98\times$ that of Snort). The framework establishes a new paradigm for agile, auditable incident response validated by STIX action chains.
Source journal: IEEE Access
Subject categories: Computer Science, Information Systems; Engineering, Electrical & Electronic
CiteScore: 9.80
Self-citation rate: 7.70%
Articles published: 6673
Review time: 6 weeks
Journal description: IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE's fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE's traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE's traditional journals; practical articles discussing new experiments or measurement techniques, or interesting solutions to engineering problems; development of new or improved fabrication or manufacturing techniques; reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.