Artificial Intelligence-Based Correlation and Prioritization of Security Incidents: A Critical Review
Keywords: Cybersecurity, Alert Correlation, Incident Prioritization, Artificial Intelligence, Machine Learning, Explainable AI (XAI).
TL;DR: We present a systematic review of AI-based methods for correlating and prioritizing security incidents, highlighting their evolution, strengths, limitations, and the need for explainable, data-efficient, and human-in-the-loop solutions.
Abstract: The proliferation of security detection systems has led to an overwhelming volume of alerts, causing critical "alert fatigue" in Security Operations Centers (SOCs) and masking genuine threats among a flood of false positives. Traditional rule-based correlation methods are no longer sufficient to handle the complexity and dynamism of modern cyberattacks. This paper conducts a critical and systematic review of the literature on the use of Artificial Intelligence (AI) for the correlation and prioritization of security incidents. Following the PRISMA methodology, this work analyzes and categorizes existing approaches, including rule-based, machine learning, deep learning, and hybrid models. The analysis reveals a clear evolution from static systems towards dynamic AI-driven solutions that demonstrate superior detection performance. However, this progress introduces a central dilemma: the most performant models, particularly in deep learning, often lack the interpretability essential for operational adoption. The review concludes that a significant gap persists between theoretical potential and practical readiness. Future research must therefore pivot towards developing robust, data-efficient, and truly explainable (XAI) systems to transform AI from a "black box" into a strategic partner for the augmented security analyst.
Submission Number: 28