Application of the Metric Learning for Security Incident Playbook Recommendation

Irina Kraeva, Gulnara Yakhyaeva

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Research; peer-review

Abstract

The article describes an algorithm for the automated selection of the most relevant playbook for responding to computer security precedents. The proposed approach is based on the methodology of metric learning. During execution, the algorithm analyzes the precedents recorded in the past and the playbooks used for them. A trained neural network maps the entire set of precedents into a vector space in which precedents with the same playbooks are closer to each other than to precedents with different playbooks. This method does not require the involvement of domain experts or additional training of the network when the set of precedents or playbooks is expanded. The developed approach was tested on real data. Experiments show that the proposed method can be used effectively for playbook recommendation.

Original language: English
Title of host publication: 2021 IEEE 22nd International Conference of Young Professionals in Electron Devices and Materials, EDM 2021 - Proceedings
Publisher: IEEE Computer Society
Pages: 475-479
Number of pages: 5
ISBN (Electronic): 9781665414982
Publication status: Published - 30 Jun 2021
Event: 22nd IEEE International Conference of Young Professionals in Electron Devices and Materials, EDM 2021 - Aya, Altai Region, Russian Federation
Duration: 30 Jun 2021 to 4 Jul 2021

Publication series

Name: International Conference of Young Specialists on Micro/Nanotechnologies and Electron Devices, EDM
Volume: 2021-June
ISSN (Print): 2325-4173
ISSN (Electronic): 2325-419X

Conference

Conference: 22nd IEEE International Conference of Young Professionals in Electron Devices and Materials, EDM 2021
Country: Russian Federation
City: Aya, Altai Region
Period: 30.06.2021 to 04.07.2021

Keywords

  • case-based reasoning
  • cybersecurity incident
  • cybersecurity playbook
  • metric learning
  • multi-label classification
  • neural network

OECD FOS+WOS

  • 2.02.IQ ENGINEERING, ELECTRICAL & ELECTRONIC
  • 1.03.UH PHYSICS, ATOMIC, MOLECULAR & CHEMICAL
  • 1.03.SY OPTICS
