Concept and Practical Evaluation for Adaptive and Intelligible Prioritization for Network Security Incidents

International Journal On Cyber Situational Awareness (IJCSA)

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Semi-annually. Est. 2014

Editor-in-Chief:

Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary

Associate Editors:

Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK

Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK


Concept and Practical Evaluation for Adaptive and Intelligible Prioritization for Network Security Incidents

Leonard Renners, Felix Heine, Carsten Kleiner, and Gabi Dreo Rodosek

Abstract:

Incident prioritization is nowadays a part of many approaches and tools for network security and risk management. However, the dynamic nature of the problem domain is often unaccounted for. That is, the prioritization is typically based on a set of static calculations, which are rarely adjusted. As a result, incidents are incorrectly prioritized, leading to increased and misplaced effort in the incident response. A higher degree of automation could help to address this problem. In this paper, we explicitly consider flaws in the prioritization an unalterable circumstance. We propose an adaptive incident prioritization, which allows certain tasks of prioritization model management to be automated in order to continuously assess and improve a prioritization model. At the same time, we acknowledge the human analyst as the focal point and propose to keep the human in the loop, among other things by treating understandability as a crucial requirement.

Keywords: Incident Prioritization, Network Security, Cyber Security, Adaptive Learning.

ISSN: 2057-2182

Volume 4. No. 1

DOI: 10.22619/IJCSA.2019.100127

Date: Dec. 2019

Reference to this paper should be made as follows: Renners, L., Heine, F., Kleiner, C. & Dreo, G. (2019). Concept and Practical Evaluation for Adaptive and Intelligible Prioritization for Network Security Incidents. International Journal on Cyber Situational Awareness, Vol. 4, No. 1, pp99-127.
