Advertisement

Retrieval of Relevant Historical Data Triage Operations in Security Operation Centers

  • Tao Lin
  • Chen Zhong
  • John Yen
  • Peng Liu
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11170)

Abstract

Triage analysis is a fundamental stage in cyber operations in Security Operations Centers (SOCs). The massive data sources generate great demands on cyber security analysts’ capability of information processing and analytical reasoning. Furthermore, most junior security analysts perform much less efficiently than senior analysts in deciding what data triage operations to perform. To help (junior) analysts perform better, several retrieval methods have been proposed to facilitate data triaging through retrieval of the relevant historical data triage operations of senior security analysts. This paper conducts a review of the existing retrieval methods, including rule-based retrieval and context-based retrieval of data triage operations. It further discusses the new directions in solving the data triage operation retrieval problem.

Keywords

Cyber situational awareness Data Triage Retrieval systems 

Notes

Acknowledgment

This work was supported by ARO W911NF-13-1-0421 (MURI) and ARO W911NF-15-1-0576.

References

  1. 1.
    Chen, P.C., Liu, P., Yen, J., Mullen, T.: Experience-based cyber situation recognition using relaxable logic patterns. In: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), pp. 243–250. IEEE (2012)Google Scholar
  2. 2.
    D’Amico, A., Whitley, K.: The real work of computer network defense analysts. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) VizSEC 2007. Mathematics and Visualization, pp. 19–37. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78243-8_2CrossRefGoogle Scholar
  3. 3.
    Erbacher, R.F., Frincke, D.A., Wong, P.C., Moody, S., Fink, G.: A multi-phase network situational awareness cognitive task analysis. Inf. Vis. 9(3), 204–219 (2010)CrossRefGoogle Scholar
  4. 4.
    Ganame, A.K., Bourgeois, J., Bidou, R., Spies, F.: A global security architecture for intrusion detection on computer networks. Comput. Secur. 27(1), 30–47 (2008)CrossRefGoogle Scholar
  5. 5.
    Lukasiewicz, T.: Ontology-based semantic search on the web. Ann. Math. Artif. Intell. 65(2–3), 83–121 (2011)Google Scholar
  6. 6.
    Palangi, H., et al.: Deep sentence embedding using long short-term memory networks: analysis and application to information retrieval. IEEE/ACM Trans. Audio Speech Lang. Process. (TASLP) 24(4), 694–707 (2016)CrossRefGoogle Scholar
  7. 7.
    Zhong, C., et al.: RankAOH: context-driven similarity-based retrieval of experiences in cyber analysis. In: 2014 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), pp. 230–236. IEEE (2014)Google Scholar
  8. 8.
    Zhong, C., Yen, J., Liu, P., Erbacher, R., Etoty, R., Garneau, C.: ARSCA: a computer tool for tracing the cognitive processes of cyber-attack analysis. In: 2015 IEEE International Inter-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), pp. 165–171. IEEE (2015)Google Scholar
  9. 9.
    Zhong, C., Yen, J., Liu, P., Erbacher, R., Etoty, R., Garneau, C.: An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, p. 9. ACM (2015)Google Scholar
  10. 10.
    Zhong, C., Yen, J., Liu, P., Erbacher, R.F., Garneau, C., Chen, B.: Studying analysts’ data triage operations in cyber defense situational analysis. In: Liu, P., Jajodia, S., Wang, C. (eds.) Theory and Models for Cyber Situation Awareness. LNCS, vol. 10030, pp. 128–169. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-61152-5_6CrossRefGoogle Scholar
  11. 11.
    Zhong, C., Yen, J., Liu, P., Erbacher, R.F.: Automate cybersecurity data triage by leveraging human analysts’ cognitive process. In: 2016 IEEE 2nd International Conference on Intelligent Data and Security (IDS), 2nd edn., pp. 357–363. IEEE (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Pennsylvania State UniversityUniversity ParkUSA
  2. 2.Indiana University KokomoKokomoUSA

Personalised recommendations