A Systematic Mapping Study on Approaches for AI-Supported Security Risk Assessment

Abstract

Effective assessment of cyber risks in the increasingly dynamic threat landscape must be supported by artificial intelligence techniques due to their ability to dynamically scale and adapt. This article provides the state of the art of AI-supported security risk assessment approaches in terms of a systematic mapping study. The overall goal is to obtain an overview of security risk assessment approaches that use AI techniques to identify, estimate, and/or evaluate cyber risks. We carried out the systematic mapping study following standard processes and identified in total 33 relevant primary studies that we included in our mapping study. The results of our study show that on average, the number of papers about AI-supported security risk assessment has been increasing since 2010 with the growth rate of 133% between 2010 and 2020. The risk assessment approaches reported have mainly been used to assess cyber risks related to intrusion detection, malware detection, and industrial systems. The approaches focus mostly on identifying and/or estimating security risks, and primarily make use of Bayesian networks and neural networks as supporting AI methods/techniques.