
arXiv: 2509.10858 · v2 · submitted 2025-09-13 · cs.CR · cs.AI

Large Language Models for Security Operations Centers: A Comprehensive Survey

keywords: knowledge, LLMs, SOCs, survey, challenges, comprehensive, detection, domains
Abstract

Large Language Models (LLMs) have emerged as powerful tools capable of understanding and generating human-like text, offering transformative potential across diverse domains. The Security Operations Center (SOC), responsible for safeguarding digital infrastructure, represents one of these domains. SOCs serve as the frontline of defense in cybersecurity, tasked with continuous monitoring, detection, and response to incidents. However, SOCs face persistent challenges such as high alert volumes, limited resources, high demand for experts with advanced knowledge, delayed response times, and difficulties in leveraging threat intelligence effectively. In this context, LLMs can offer promising solutions by automating log analysis, streamlining triage, improving detection accuracy, and providing the required knowledge in less time. This survey systematically explores the integration of generative AI, and more specifically LLMs, into SOC workflows, providing a structured perspective on its capabilities, challenges, and future directions. We believe that this survey offers researchers and SOC managers a broad overview of the current state of LLM integration within academic study. To the best of our knowledge, this is the first comprehensive study to examine LLM applications in SOCs in detail.


Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Decomposing Memorization Reduction in Privacy-Preserving Fine-Tuning of SLMs for CSIRTs

    cs.CR 2026-06 unverdicted novelty 6.0

    Controlled experiments across 96 LoRA adapters show that reduced optimizer updates explain nearly all observed memorization drops in DP-SGD fine-tuning, HMAC pseudonymization cuts exposure 40-61% without creating new ...

  2. Strengthening Human-Centric Chain-of-Thought Reasoning Integrity in LLMs via a Structured Prompt Framework

    cs.CR 2026-04 unverdicted novelty 5.0

    A 16-factor structured prompt framework strengthens CoT reasoning in LLMs for security analysis, yielding up to 40% reasoning gains in smaller models and stable accuracy improvements validated by human raters with Coh...

  3. AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

    cs.CR 2026-05 unverdicted novelty 3.0

    A literature survey synthesizes 119 studies on AI-driven alert screening into a four-stage taxonomy of filtering, triage, correlation, and generative augmentation while identifying gaps in deployment realism and robustness.