SoK: Applications and Challenges of using Recommender Systems in Cybersecurity Incident Handling and Response

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00126038" target="_blank" >RIV/00216224:14610/22:00126038 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/doi/10.1145/3538969.3538981" target="_blank" >https://dl.acm.org/doi/10.1145/3538969.3538981</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3538969.3538981" target="_blank" >10.1145/3538969.3538981</a>

Jazyk výsledku

angličtina

Název v původním jazyce

SoK: Applications and Challenges of using Recommender Systems in Cybersecurity Incident Handling and Response

Popis výsledku v původním jazyce

Incident handling, a fundamental activity of a cybersecurity incident response team, is a complex discipline that consumes a significant amount of personnel's time and costs. There are continuous efforts to facilitate incident handling and response in terms of providing procedural or decision support and processing relevant data. In this paper, we survey the approaches towards (semi-)automated incident handling and response backed by recommender systems that are successful in other domains. We discuss which phases and tiers of incident handling can be automated and to what level while evaluating the maturity of proposed approaches and tools. While we did not find a full-scale recommender system that would guide the user through incident handling and suggest which steps to take, many of them aim at particular problems. The discussed issues are not resolved yet but seem to get the attention of researchers and will likely be investigated in the future.

Název v anglickém jazyce

SoK: Applications and Challenges of using Recommender Systems in Cybersecurity Incident Handling and Response

Popis výsledku anglicky

Incident handling, a fundamental activity of a cybersecurity incident response team, is a complex discipline that consumes a significant amount of personnel's time and costs. There are continuous efforts to facilitate incident handling and response in terms of providing procedural or decision support and processing relevant data. In this paper, we survey the approaches towards (semi-)automated incident handling and response backed by recommender systems that are successful in other domains. We discuss which phases and tiers of incident handling can be automated and to what level while evaluating the maturity of proposed approaches and tools. While we did not find a full-scale recommender system that would guide the user through incident handling and suggest which steps to take, many of them aim at particular problems. The discussed issues are not resolved yet but seem to get the attention of researchers and will likely be investigated in the future.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

The 17th International Conference on Availability, Reliability and Security (ARES 2022)

ISBN

9781450396707

ISSN

—

e-ISSN

—

Počet stran výsledku

10

Strana od-do

„25:1“-„25:10“

Název nakladatele

ACM

Místo vydání

Vienna

Místo konání akce

Vienna, Austria

Datum konání akce

23. 8. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001122620500025