The incorporation of Artificial Intelligence (AI) into cybersecurity has become widespread, largely propelled by the emergence of Generative AI (GenAI) and Large Language Models (LLMs). While these technologies promise to revolutionize threat detection, they introduce profound challenges regarding explainability, trust, and deployment feasibility in resource-constrained environments. Current research often exhibits a form of technological determinism, prioritizing algorithmic performance over the operational realities of Security Operations Centers (SOCs). This paper presents a hybrid qualitative Systematic Literature Review (SLR) and Mapping Study, adhering to the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) 2020 guidelines. Our research questions are narrowly focused, seeking to explore how four key domains intersect: (1) Explainable AI (XAI) methods; (2) cybersecurity operations; (3) human-centered design; and (4) the constraints inherent to edge computing. From an initial corpus of 385 records drawn from Scopus and OpenAlex (spanning a search window from 2014 to 2025, with relevant findings heavily clustered in the 2020–2025 period), included studies were evaluated using a quality assessment protocol adapted from Kitchenham's guidelines, scoring each study on a 0–24 scale across four dimensions (Venue Quality, Methodological Rigor, Dataset Realism, and Depth of XAI/Human Validation). The results reveal a significant "validation gap": while 63% of studies claim human-centric relevance, only ~22% incorporate empirical validation with human operators. Furthermore, we identify a critical trade-off between the reasoning power of cloud-based LLMs and the privacy requirements of Edge security. We conclude by proposing a research agenda for "Cognitive SOCs", emphasizing the need for Small Language Models (SLMs), standardized human-centric metrics, and robust hallucination detection mechanisms.
Connecting the Dots: A Systematic Literature Review of Explainable AI, Cybersecurity, Human-Centered Design and Edge Computing
Fabrizio BenelliConceptualization
;
2026-01-01
Abstract
The incorporation of Artificial Intelligence (AI) into cybersecurity has become widespread, largely propelled by the emergence of Generative AI (GenAI) and Large Language Models (LLMs). While these technologies promise to revolutionize threat detection, they introduce profound challenges regarding explainability, trust, and deployment feasibility in resource-constrained environments. Current research often exhibits a form of technological determinism, prioritizing algorithmic performance over the operational realities of Security Operations Centers (SOCs). This paper presents a hybrid qualitative Systematic Literature Review (SLR) and Mapping Study, adhering to the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) 2020 guidelines. Our research questions are narrowly focused, seeking to explore how four key domains intersect: (1) Explainable AI (XAI) methods; (2) cybersecurity operations; (3) human-centered design; and (4) the constraints inherent to edge computing. From an initial corpus of 385 records drawn from Scopus and OpenAlex (spanning a search window from 2014 to 2025, with relevant findings heavily clustered in the 2020–2025 period), included studies were evaluated using a quality assessment protocol adapted from Kitchenham's guidelines, scoring each study on a 0–24 scale across four dimensions (Venue Quality, Methodological Rigor, Dataset Realism, and Depth of XAI/Human Validation). The results reveal a significant "validation gap": while 63% of studies claim human-centric relevance, only ~22% incorporate empirical validation with human operators. Furthermore, we identify a critical trade-off between the reasoning power of cloud-based LLMs and the privacy requirements of Edge security. We conclude by proposing a research agenda for "Cognitive SOCs", emphasizing the need for Small Language Models (SLMs), standardized human-centric metrics, and robust hallucination detection mechanisms.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
