Core Concepts
AI-driven security approaches, particularly those leveraging machine learning and deep learning, hold promise in automating security workflows and integrating security seamlessly into the DevOps process to achieve the DevSecOps paradigm.
Abstract
This paper presents a comprehensive landscape of existing AI-driven security techniques applicable to the DevOps process and identifies future research opportunities to enhance security, trust, and efficiency in software development.
The authors first identified 12 security tasks associated with the 5 steps of the DevOps process (Plan, Development, Code Commit, Build/Test/Deployment, Operation and Monitoring). They then reviewed 99 research papers from 2017 to 2023 to examine the existing AI-based security approaches for each of these tasks.
In the planning step, the authors did not find any relevant AI-based approaches for threat modeling and software impact analysis. In the development step, the authors identified AI-based methods for software vulnerability detection, classification, and automated repair. These approaches leverage techniques like recurrent neural networks, graph neural networks, and pre-trained language models to automate vulnerability-related tasks.
For the code commit step, the authors found AI-based approaches for securing CI/CD pipelines, including vulnerability prediction, explainable AI, and language model-based techniques. In the build, test, and deployment step, the authors identified AI-based methods for configuration validation and infrastructure scanning.
Finally, in the operation and monitoring step, the authors found AI-based approaches for log analysis, anomaly detection, and security in cyber-physical systems, utilizing techniques like recurrent neural networks, graph neural networks, and transformer models.
The authors also identified 15 key challenges faced by the existing AI-based security approaches, such as data imbalance, interpretability, and generalization. They derived future research opportunities to address these challenges and further enhance the integration of AI-driven security into the DevSecOps process.
Stats
"DevOps has emerged as one of the most rapidly evolving software development paradigms."
"Recently, the advancement of artificial intelligence (AI) has revolutionized automation in various software domains, including software security."
"We analyzed 99 research papers spanning from 2017 to 2023."
Quotes
"AI-driven security approaches, particularly those leveraging machine learning or deep learning, hold promise in automating security workflows."
"Integrating security into the DevOps workflow can impact agility and impede delivery speed."
"This paper seeks to contribute to the critical intersection of AI and DevSecOps by presenting a comprehensive landscape of AI-driven security techniques applicable to DevOps and identifying avenues for enhancing security, trust, and efficiency in software development processes."