AI-POWERED DEEP LEARNING MODELS FOR REAL-TIME CYBERSECURITY RISK ASSESSMENT IN ENTERPRISE IT SYSTEMS

Abstract

This study presents a systematic review of the rapidly growing body of research on AI-powered deep learning models for real-time cybersecurity risk assessment in enterprise IT systems, a domain where accurate and timely risk estimation has become critical for safeguarding large-scale digital infrastructures. Following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines, an initial pool of 2,347 scholarly articles published between 2010 and 2024 was identified across major scientific databases, of which 142 met the inclusion criteria after rigorous multi-phase screening for relevance, methodological quality, and direct alignment with the study’s scope. These selected studies collectively demonstrate how deep learning architectures—particularly convolutional neural networks (CNNs), recurrent neural networks (RNNs), long short-term memory (LSTM) networks, transformer-based attention models, and graph neural networks (GNNs)—have advanced the analytical capacity to process high-dimensional, heterogeneous security telemetry including network flows, authentication logs, endpoint detection and response (EDR) events, DNS/HTTP traffic, and host–user–process relationships. The review found that these models consistently outperform traditional signature-based and statistical machine learning techniques in detecting complex, low-signal threats, while supporting continuous risk scoring in real-time environments. A major thematic pattern across the 142 reviewed studies was the operational embedding of these models within distributed streaming frameworks, where they achieve sub-second inference latency and integrate with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to drive automated incident response workflows. However, the synthesis also revealed persistent challenges, including heavy reliance on synthetic or staged datasets with limited realism, fragmented evaluation practices emphasizing accuracy over operational metrics, and scarce evidence from longitudinal, production-scale deployments. Overall, this review consolidates the state of knowledge from 142 studies to provide a structured, evidence-based understanding of how deep learning has become the analytical core of real-time enterprise cybersecurity risk assessment, while also identifying methodological and infrastructural gaps that shape the reliability of current approaches.