Abstract

The integration of artificial intelligence (AI) into Security Orchestration, Automation, and Response (SOAR) promises to revolutionise cybersecurity operations, and adopting AI-powered SOAR technologies can help organisations improve their resilience to cyberattacks. Some research proposes SOAR engines that deploy customised honeypots and identify attacks, while other work integrates artificial intelligence to improve situational understanding of, and response to, security threats. AI/ML technologies can make SOC analysts more effective at detecting, preventing, and responding to security attacks through better threat detection, automation of routine tasks, faster and more accurate data analysis, improved response to attacks, and a reduced workload. Detection capabilities on the SOAR engine include HTTP IDS, botnet, and DDoS detection, using machine learning models trained on various types of data. The SOAR engine is also equipped with other threat detection capabilities, such as behavioural analysis, log analysis, malware analysis, and threat intelligence analysis. SOAR systems equipped with artificial neural network-based machine learning can analyse data in real time and detect threats quickly. Thus, AI technology combined with real-time analysis helps to reduce the workload of security professionals and increases efficiency in dealing with cyberattacks.

Keywords

Artificial Intelligence, SOAR, Honeypot, SIEM

Article Details

Author Biographies

Venny Gustina DM, Politeknik Caltex Riau

Applied Master's Program in Computer Engineering, Politeknik Caltex Riau

Ananda Ananda, Politeknik Caltex Riau

Applied Master's Program in Computer Engineering, Politeknik Caltex Riau

How to Cite

Gustina DM, V., & Ananda, A. (2024). Artificial Intelligence for Security Orchestration, Automation and Response: A Scope Overview. Jurnal Komputer Terapan, 10(1), 36–47. https://doi.org/10.35143/jkt.v10i1.6247
