Title | Adaptive and Intelligible Prioritization for Network Security Incidents |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Renners, Leonard, Heine, Felix, Kleiner, Carsten, Rodosek, Gabi Dreo |
Conference Name | 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) |
Keywords | Adaptation models, adaptive incident prioritization, adaptive learning, anomaly detection, Automated Response Actions, Automation, Communication networks, composability, cyber security, incident prioritization, Network security, network security incidents, prioritization model management, pubcrawl, Resiliency, risk management, security, security of data, static calculations, Task Analysis, Tools |
Abstract | Incident prioritization is nowadays a part of many approaches and tools for network security and risk management. However, the dynamic nature of the problem domain is often unaccounted for. That is, the prioritization is typically based on a set of static calculations, which are rarely adjusted. As a result, incidents are incorrectly prioritized, leading to an increased and misplaced effort in the incident response. A higher degree of automation could help to address this problem. In this paper, we explicitly consider flaws in the prioritization an unalterable circumstance. We propose an adaptive incident prioritization, which allows to automate certain tasks for the prioritization model management in order to continuously assess and improve a prioritization model. At the same time, we acknowledge the human analyst as the focal point and propose to keep the human in the loop, among others by treating understandability as a crucial requirement. |
DOI | 10.1109/CyberSecPODS.2019.8885208 |
Citation Key | renners_adaptive_2019 |