The Rise of Cognitive SOCs: A Systematic Literature Review on AI Approaches
Authors: Farid Binbeshr; Muhammad Imam; Mustafa Ghaleb; Mosab Hamdan; Mussadiq Abdul Rahim; Mohammad Hammoudeh
Journal: IEEE Open Journal of the Computer Society, volume 6, pages 360-379
DOI: 10.1109/OJCS.2025.3536800
Publication date: 2025-01-30 (Journal Article)
URL: https://ieeexplore.ieee.org/document/10858372/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10858372
Source platform: Semanticscholar
Citation count: 0
Abstract
The increasing sophistication of cyber threats has led to the evolution of Security Operations Centers (SOCs) towards more intelligent and adaptive systems. This review explores the integration of Artificial Intelligence (AI) in SOCs, focusing on their current state, challenges, opportunities, and advantages over traditional methods. We address three key questions: (1) What are the current AI approaches in SOCs? (2) What challenges and opportunities exist with these approaches? (3) What benefits do AI models offer in SOC environments compared to traditional methods? We analyzed 38 studies using a structured methodology involving database searches, quality checks, and data extraction. Our findings show that Machine Learning (ML) techniques dominate SOC research, with a trend towards multi-approach AI methods. We classified these into ML, Natural Language Processing, multi-approach, and others, forming a detailed taxonomy of AI applications in SOCs. Challenges include data quality, model interpretability, legacy system integration, and the need for constant adaptation. Opportunities involve task automation, enhanced threat detection, real-time analysis, and adaptive learning. AI-driven SOCs show better accuracy, reduced false positives, greater scalability, and predictive capabilities than traditional approaches. This review defines Cognitive SOCs, emphasizing their ability to mimic human-like processes. We offer practical insights for SOC designers and managers on implementing AI to improve security operations. Finally, we suggest future research directions in explainable AI, human-AI collaboration, and privacy-preserving AI for SOCs.