A cyber security data triage operation retrieval system

Chen Zhong, Tao Lin, Peng Liu, John Yen, Kai Chen

Research output: Contribution to journalArticle

2 Scopus citations

Abstract

Data triage is a fundamental stage of cyber defense analysis for achieving cyber situational awareness in a Security Operations Center (SOC). It has a high requirement for cyber security analysts’ capabilities of information processing and expertise in cyber defense. However, the present situation is that most novice analysts who are responsible for performing data triage tasks suffer a great deal from the complexity and intensity of their tasks. To fill the gap, we propose to provide novice analysts with on-the-job suggestions by presenting the relevant data triage operations conducted by senior analysts in previous tasks. In a previous study, a tracing method has been developed to track an analyst's data triage operations. This paper mainly presents a data triage operation retrieval system that (1) models the context of a data triage analytic process, (2) uses a centroid similarity matching method to compare contexts, and (3) presents the matched traces to the novice analysts as suggestions. We have implemented and evaluated the performance of the system through both automated testing and human evaluation. The results show that the proposed retrieval system can effectively identify the relevant traces based on an analyst's current analytic process.

Original languageEnglish (US)
Pages (from-to)12-31
Number of pages20
JournalComputers and Security
Volume76
DOIs
StatePublished - Jul 2018

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Fingerprint Dive into the research topics of 'A cyber security data triage operation retrieval system'. Together they form a unique fingerprint.

  • Cite this