Open access

Autonomous Agentic AI Architectures for Optimizing Security Operations Centers (SOC) KPIS: Methodology, Impact on Detection, Response, and Recovery

18 Sep 2025

