Advancing Security Monitoring with Artificial Intelligence

Artificial intelligence (AI) techniques vastly improve the effectiveness of security monitoring through data analysis, resulting in better threat detection, faster incident response, and robust security posture. AI techniques, particularly machine learning (ML) and deep learning (DL) analyze diverse data sources, like network traffic logs, system logs and events, access control records, video surveillance footage, social media, and other open-source intelligence, for security monitoring. This article discusses several studies that reflect the growing importance of AI in security monitoring.

Image credit: Tapati Rinchumrus/Shutterstock
Image credit: Tapati Rinchumrus/Shutterstock

Optical Network Security Monitoring

The secure and reliable operation of optical networks, a critical communication infrastructure supporting consistent network traffic growth, is essential for diverse applications and services. Optical network building blocks, like amplifiers, switches, and optical fibers, have inherent vulnerabilities, which can be exploited to execute physical-layer attacks to disrupt services. Attack methods can significantly differ in their damaging potential, sophistication, and difficulty in counteracting and detecting them.

The physical-layer attack techniques have complex effects on optical channel parameters, which make their detection extremely challenging. ML-driven automation of network diagnosis and management facilitates the cost-efficient management of complex optical communication networks. The recent proliferation of ML techniques in optical networking has led to the development of robust methods for automated and cognitive management of optical security.

These techniques successfully detected unauthorized signals in the network and identified jamming and polarization scrambling attacks. A study published in the Journal of Lightwave Technology presented an ML-based framework for autonomous and cognitive security diagnostics of physical-layer security in optical networks.

The framework comprised attack identification and detection modules that leveraged semi-supervised learning (SSL), unsupervised learning (UL), and supervised learning (SL) approaches to detect attacks and identify their intensity and type. The framework also consisted of a module for connection- and linkwise localization of attacks/an attack localization module that deduced the location of a breached link/harmful connection. This entire framework was incorporated into network management systems (NMS).

Additionally, the study proposed a window-based attack detection (WAD) approach to improve the performance of ML approaches by addressing the influence of false negatives and false positives. The performance of the ML approaches used in the proposed framework was evaluated in the study. Specifically, artificial neural networks (ANN), one-class support vector machine (OCSVM), and density-based spatial clustering of applications with noise (DBSCAN) were chosen for SL, SSL, and UL, respectively, owing to their state-of-the-art (SOTA) performance in many tasks.

Python and the Scikit-learn implementation were utilized to perform the evaluation using a dataset containing a total of 20,160 samples. ANN displayed a very high accuracy by achieving the maximum F1 score of one, with no false positives or false negatives.

Although the OCSVM approach also demonstrated good accuracy, it attained the highest F1 score of 0.963, which is lower than ANN. DBSCAN showed significantly lower accuracy, with the highest F1 score of 0.8. Thus, WAD was used to overcome the inaccuracies of only UL and SSL as ANN did not generate any false positives or false negatives. Results displayed that the proposed WAD approach effectively addressed the impact of false negatives and false positives, ensuring the reliable application of SSL and UL models during the optical network operation.

Network Security Monitoring

The emergence and rapid development of AI technology, big data, and mobile communication have led to the constant intellectualization of network infrastructure and security. This resulted in the wide adoption of information technology in industrial control, which increased the importance of network security monitoring.

A paper published in the Journal of Physics: Conference Series presented a DL-based network security monitoring method and examined its feasibility. Non-invasive network security monitoring was realized through the collection of data, feature extraction, and training the neural network model using the network security power consumption information.

This method could detect network security information attacks that are not detectable at the network level and improve the overall security performance of the network. Results demonstrated that the DL-based network security monitoring method increased the network security efficiency by 24%.

Smart Cyber-physical Grid Security Monitoring

The development of power systems and smart grid technologies have become vital with the surging demand for electrical energy. Smart grids are the new generation power systems applying intelligent features and tools to provide higher manageability, reliability, stability, and performance.

However, higher vulnerability to cyberattacks due to the reliance on information and communication technology systems is a big challenge for power systems/smart grids. A paper published in Security of Cyber-Physical Systems evaluated several ML algorithms to detect attacks to address this challenge.

Initially, the attacks on a dataset from a smart grid were detected using ML algorithms, and then the results were compared based on f-score. Random forest (RF) displayed the best performance when the test time/score time was ignored, while the k-nearest neighbor (KNN) demonstrated a great performance considering all aspects.

Context-aware Security Monitoring

ML techniques are receiving attention in intrusion detection due to the rising volume of data produced by monitoring tools and the growing sophistication shown by attackers in concealing their activity. However, the existing approaches for intrusion detection have several important limitations related to the relevance and quantity of the generated alerts. Recently, knowledge graphs have been adopted in the cybersecurity domain to alleviate a number of these drawbacks as they seamlessly integrate data from several domains using human-understandable vocabularies.

A study published at the 2021 IEEE International Conference on Cyber Security and Resilience (CSR) discussed using ML on knowledge graphs for intrusion detection and experimentally evaluated a link-prediction method for scoring anomalous activity in industrial systems.

Specifically, researchers applied relational learning on knowledge graphs for security monitoring and intrusion detection. The graph embedding methods' collective learning properties enable the resulting models to generalize beyond individual observations, benefiting from the rich set of relationship and entity types.

Thus, this approach ensures efficient utilization of training data, potentially shorter baselining periods, and inherent effectiveness against false alarms in the presence of previously unobserved events. The proposed method was tested using an industrial automation system prototype across diverse scenarios. After the initial unsupervised training, the method generated intuitively interpretable and well-calibrated alerts in different scenarios.

Specifically, it effectively leveraged the context information to produce a meaningful range of severity scores, which is useful in the intrusion detection systems (IDS) setting as observations are typically not easily categorized as completely malicious or benign a priori. Thus, this study effectively displayed the feasibility of using relational ML on knowledge graphs for security monitoring.

Face Detection in Security Monitoring

The rapid development of video monitoring has led to massive monitoring image generation that has exceeded the processing range of human resources. Thus, intelligent video retrieval technology has become an indispensable part of video monitoring systems to process such information.

This technology integrates AI, computer vision, and video processing to substantially improve the efficiency of monitoring and the linkage and accuracy of monitoring systems. Emerging technologies like face recognition are increasingly being applied to the security monitoring system.

A study published in IEEE Access presented a video-oriented cascaded intelligent face detection algorithm based on the face detection neural network and DL theory. This algorithm builds a DL network by cascading several features, including semantic, edge, contour, and local features, and advances layer by layer. Based on the semantic features, the input data information is obtained to precisely achieve face detection under non-ideal conditions.

Simulation results in the study demonstrated that the proposed intelligent face detection algorithm attained good detection performance for multi-face and single-face images. The method also had strong robustness for rotating faces. Moreover, the algorithm was also fast and could effectively meet the real-time face detection requirements.

To summarize, AI is transforming security monitoring from optical networks to smart grids. However, bias, cost, complexity, and data quality-related issues must be mitigated to implement AI on a wider scale.

References and Further Reading

Furdek, M., Natalino, C., Lipp, F., Hock, D., Di Giglio, A., Schiano, M. (2020). Machine learning for optical network security monitoring: A practical perspective. Journal of Lightwave Technology, 38(11), 2860-2871.

Yu, T., Yin, X., Yao, M., Liu, T. (2021). Network security monitoring method based on deep learning. Journal of Physics: Conference Series, 1955, 1, 012040.

Rouzbahani, H.M., Faraji, Z., Amiri-Zarandi, M., Karimipour, H. (2020). AI-Enabled Security Monitoring in Smart Cyber Physical Grids. Security of Cyber-Physical Systems.

Garrido, J. S., Dold, D., Frank, J. (2021). Machine learning on knowledge graphs for context-aware security monitoring. 2021 IEEE International Conference on Cyber Security and Resilience (CSR), 55-60.

Dong, Z., Wei, J., Chen, X., Zheng, P. (2020). Face detection in security monitoring based on artificial intelligence video retrieval technology. IEEE Access, 8, 63421-63433.

Last Updated: Feb 13, 2024

Samudrapom Dam

Written by

Samudrapom Dam

Samudrapom Dam is a freelance scientific and business writer based in Kolkata, India. He has been writing articles related to business and scientific topics for more than one and a half years. He has extensive experience in writing about advanced technologies, information technology, machinery, metals and metal products, clean technologies, finance and banking, automotive, household products, and the aerospace industry. He is passionate about the latest developments in advanced technologies, the ways these developments can be implemented in a real-world situation, and how these developments can positively impact common people.


Please use one of the following formats to cite this article in your essay, paper or report:

  • APA

    Dam, Samudrapom. (2024, February 13). Advancing Security Monitoring with Artificial Intelligence. AZoAi. Retrieved on April 16, 2024 from

  • MLA

    Dam, Samudrapom. "Advancing Security Monitoring with Artificial Intelligence". AZoAi. 16 April 2024. <>.

  • Chicago

    Dam, Samudrapom. "Advancing Security Monitoring with Artificial Intelligence". AZoAi. (accessed April 16, 2024).

  • Harvard

    Dam, Samudrapom. 2024. Advancing Security Monitoring with Artificial Intelligence. AZoAi, viewed 16 April 2024,


The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of AZoAi.
Post a new comment

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.