Artificial intelligence algorithms in automated cyber incident response

DOI: https://doi.org/10.37868/sei.v7i2.id622

Abstract

Cyber threats are becoming more complex and more frequent, which has highlighted the need for intelligent and automated incident response systems, particularly in a high-risk region such as Ukraine. This study examines whether artificial intelligence (AI) algorithms are practical for automating cyber incident detection and response. It uses two datasets: a custom dataset built to reflect the particularities of the threat situation in Ukraine, and the general-purpose benchmark dataset CICIDS2017. Three AI models, Support Vector Machine (SVM), Random Forest (RF), and Long Short-Term Memory (LSTM), were evaluated in terms of detection accuracy, F1-score, and response time. Among these, LSTM performed best, with a detection accuracy of 96.3%, because it is robust in identifying patterns in sequential attacks. RF offered an optimal balance between performance and computational efficiency, while SVM was found to be moderate, particularly for less complex attacks. These findings show that AI-based approaches can be viable for future incident response and for strengthening a nation's cybersecurity infrastructure. In addition, the study has practical implications not only for centralized systems but also for resource-limited settings. It opens the way to further investigation of real-time implementation as well as hybrid AI model development.

Published

2025-12-30

How to Cite

[1] O. Suprun, S. Zybin, O. Vlasenko, T. Khometa, and A. Romaniuk, “Artificial intelligence algorithms in automated cyber incident response”, Sustainable Engineering and Innovation, vol. 7, no. 2, pp. 675-692, Dec. 2025.

Section

Articles