On the use of neurosymbolic AI for defending against cyber attacks
Gudmund Grov, Jonas Halvorsen, Magnus Wiik Eckhoff, Bjørn Jervell Hansen, Martin Eian, Vasileios Mavroeidis
TL;DR
The paper addresses defending assets against cyber attacks by proposing a neurosymbolic AI (NeSy) approach that integrates machine learning with symbolic reasoning in a Security Operations Center (SOC) context. It reviews AI challenges in SOCs, outlines NeSy use cases across monitoring, analysis, planning, and knowledge sharing, and presents two proof-of-concept experiments (LTN for knowledge-aware intrusion detection; LLMs+ASP for situational awareness) to demonstrate feasibility. The results show that incorporating symbolic knowledge can improve precision and enable reasoning over CTI and attack patterns, albeit in simplified settings. The work highlights NeSy as a promising direction to enhance detection accuracy, contextual understanding, and timely, risk-aware incident response in cybersecurity, and calls for more dataset resources and broader validation.
Abstract
It is generally accepted that not all cyber attacks can be prevented, creating a need for the ability to detect and respond to cyber attacks. Both connectionist and symbolic AI are currently being used to support such detection and response. In this paper, we make the case for combining them using neurosymbolic AI. We identify a set of challenges when using AI today and propose a set of neurosymbolic use cases that we believe are both interesting research directions for the neurosymbolic AI community and capable of having an impact on the cyber security field. We demonstrate feasibility through two proof-of-concept experiments.
