Next-Gen SOC: Leveraging generative AI for scalable threat detection and AI-powered alert classification

Authors

  • Sudheer Kotilingala IBM Corporation

DOI:

https://doi.org/10.58524/app.sci.def.v3i3.670

Keywords:

Artificial Intelligence, Large Language Models, Security Threats, SIEM, SOC

Abstract

The volume of alerts produced by the SIEM system causes SOC analysts to experience alert fatigue, with actual security incidents obscured by more than fifty percent of notifications being considered false positives. This inefficiency causes delays in response times and puts organisations at risk due to insufficient resource allocation. We have, therefore, introduced a new framework in this paper, which incorporates LLMs into SOC initiatives. Overall, with the help of contextual understanding elements of LLMs, our framework concludes with 95,5% accuracy to classify the alerts as false positives or actual threats. The study’s results, therefore, validate less alert fatigue, improved systems functioning, and shorter time to critical security events using the proposed methodology. As a result, this paper outlines the proposed system’s description, development, and evaluation to determine its potential for future SOC operations.

References

Ali, G., Shah, S., & Elaffendi, M. (2025). Enhancing cybersecurity incident response: AI-driven optimization for strengthened advanced persistent threat detection. Results in Engineering, 25, 104078. https://doi.org/10.1016/j.rineng.2025.104078

Alwarafy, A., Al-Thelaya, K. A., Abdallah, M., Schneider, J., & Hamdi, M. (2020). A survey on security and privacy issues in edge-computing-assisted Internet of Things. IEEE Internet of Things Journal, 8(6), 4004-4022. https://doi.org/10.1109/JIOT.2020.3015432

Brown, T. B., Mann, B., Ryder, N., Subbiah, M., Kaplan, J., Dhariwal, P., Neelakantan, A., Shyam, P., Sastry, G., Askell, A., Agarwal, S., Herbert-Voss, A., Krueger, G., Henighan, T., Child, R., Ramesh, A., Ziegler, D. M., Wu, J., Winter, C., Hesse, C., Chen, M., Sigler, E., Litwin, M., Gray, S., Chess, B., Clark, J., Berner, C., McCandlish, S., Radford, A., Sutskever, I., & Amodei, D. (2020). Language models are few-shot learners. arXiv preprint arXiv: 2005.14165. https://doi.org/10.48550/arXiv.2005.14165

Ferrag, M. A., Maglaras, L. A., Moschoyiannis, S., & Janicke, H. (2020). Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications, 50, 102419. https://doi.org/10.1016/j.jisa.2019.102419

Ferrag, M. A., Ndhlovu, M., Tihanyi, N., Cordeiro, L. C., Debbah, M., Lestable, T., & Thandi, N. S. (2024). Revolutionising cyber threat detection with large language models: A privacy-preserving BERT-based lightweight model for IoT/IIoT devices. arXiv preprint arXiv: 2306.14263. https://doi.org/10.48550/arXiv.2306.14263

González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures. Sensors, 21(14), 4759. https://doi.org/10.3390/s21144759

Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Aaron, C., & Bengio, Y. (2020). Generative adversarial nets. Communications of the ACM, 63(11), 139-144. https://doi.org/10.1145/3422622

Hassanin, M., & Moustafa, N. (2024). A comprehensive overview of large language models (LLMs) for cyber defenses: Opportunities and directions. arXiv preprint arXiv: 2405.14487. https://doi.org/10.48550/arXiv.2405.14487

Hyun, T. T., Nguyen, T. D., & Tan, H. (2019). A survey on security and privacy issues of blockchain technology. 2019 International Conference on System Science and Engineering (ICSSE). https://doi.org/10.1109/ICSSE.2019.8823094

Kshetri, N., Pandey, P. S., & Ahmed, M. (2025). Blockchain technology for cyber defense, cybersecurity, and countermeasures. CRC Press. https://doi.org/10.1201/9781003449515

Liang, X., Zhao, J., Shetty, S., Liu, J., & Li, D. (2017). Integrating blockchain for data sharing and collaboration in mobile healthcare applications. 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), 46-57. https://doi.org/10.1109/PIMRC.2017.8292361

Lundberg, S. M., & Lee, S. I. (2017). A unified approach to interpreting model predictions. arXiv preprint arXiv: 1705.07874. https://doi.org/10.48550/arXiv.1705.07874

Moustafa, N., & Slay, J. (2016). The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 dataset and the comparison with the KDD99 dataset. Information Security Journal: A Global Perspective, 25(1-3), 18-31. https://doi.org/10.1080/19393555.2015.1125974

Pathak, M., Mishra, K. N., & Singh, S. P. (2024). Securing data and preserving privacy in cloud IoT-based technologies an analysis of assessing threats and developing effective safeguard. Artificial Intelligence Review, 57(269), 1-46. https://doi.org/10.1007/s10462-024-10908-x

Radford, A., Narasimhan, K., Salimans, T., & Sutskever, I. (2018). Improving language understanding by generative pre-training. OpenAI preprint. 1-12. Retrieved from https://cdn.openai.com/research-covers/language-unsupervised/language_understanding_paper.pdf

Reddy, V. S. S., & Reddy, N. (2024). AI-powered language models enhance natural language understanding and generation. International Journal of Artificial Intelligence & Machine Learning (IJAIML), 3(02), 101-115. https://lib-index.com/index.php/IJAIML/article/view/IJAIML_03_02_008

Salah, K., Rehman, M. H. U., Nizamuddin, N., & Al-Fuqaha, A. (2019). Blockchain for AI: Review and open research challenges. IEEE Access, 7, 10127-10149. https://doi.org/10.1109/ACCESS.2018.2890507

Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., & Xu, M. (2020). A survey on machine learning techniques for cyber security in the last decade. IEEE Access, 8, 219308-219323. http://dx.doi.org/10.1109/ACCESS.2020.3041951

Sun, P. (2020). Security and privacy protection in cloud computing: Discussions and challenges. Journal of Network and Computer Applications, 160, 102642. https://doi.org/10.1016/j.jnca.2020.102642

Yadav, T., & Rao, A. M. (2015). Technical aspects of cyber kill chain. Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2354-2360. http://dx.doi.org/10.1007/978-3-319-22915-7_40

Downloads

Published

2025-12-30

Issue

Vol. 3 No. 3 (2025): International Journal of Applied Mathematics, Sciences, and Technology for National Defense

Section

Articles

License

Copyright (c) 2025 Sudheer Kotilingala

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

How to Cite

Kotilingala, S. (2025). Next-Gen SOC: Leveraging generative AI for scalable threat detection and AI-powered alert classification. International Journal of Applied Mathematics, Sciences, and Technology for National Defense, 3(3), 143-152. https://doi.org/10.58524/app.sci.def.v3i3.670