Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review
Application of the Metric Learning for Security Incident Playbook Recommendation. / Kraeva, Irina; Yakhyaeva, Gulnara.
2021 IEEE 22nd International Conference of Young Professionals in Electron Devices and Materials, EDM 2021 - Proceedings. IEEE Computer Society, 2021. p. 475-479 9507632 (International Conference of Young Specialists on Micro/Nanotechnologies and Electron Devices, EDM; Vol. 2021-June).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review
}
TY - GEN
T1 - Application of the Metric Learning for Security Incident Playbook Recommendation
AU - Kraeva, Irina
AU - Yakhyaeva, Gulnara
N1 - Funding Information: The research was funded by RFBR and Novosibirsk region, project number 20-47-540005 Publisher Copyright: © 2021 IEEE.
PY - 2021/6/30
Y1 - 2021/6/30
N2 - The article describes an algorithm for the automated selection of the most relevant playbook for responding to computer security precedents. The proposed approach is based on the methodology of metric learning. During the execution of the algorithm, it analyzes the precedents recorded in the past and the playbooks used for them. A trained neural network maps the entire set of precedents into a vector space, in which precedents with the same playbooks are closer to each other than to precedents with different playbooks. This method does not require the involvement of object domain experts and additional training of the network when expanding the set of precedents or playbooks. The developed approach was tested on real data. Experiments show that the proposed method can be effectively used to playbook's recommendation.
AB - The article describes an algorithm for the automated selection of the most relevant playbook for responding to computer security precedents. The proposed approach is based on the methodology of metric learning. During the execution of the algorithm, it analyzes the precedents recorded in the past and the playbooks used for them. A trained neural network maps the entire set of precedents into a vector space, in which precedents with the same playbooks are closer to each other than to precedents with different playbooks. This method does not require the involvement of object domain experts and additional training of the network when expanding the set of precedents or playbooks. The developed approach was tested on real data. Experiments show that the proposed method can be effectively used to playbook's recommendation.
KW - case-based reasoning
KW - cybersecurity incident
KW - cybersecurity playbook
KW - metric learning
KW - multi-label classification
KW - neural network
UR - http://www.scopus.com/inward/record.url?scp=85113582620&partnerID=8YFLogxK
U2 - 10.1109/EDM52169.2021.9507632
DO - 10.1109/EDM52169.2021.9507632
M3 - Conference contribution
AN - SCOPUS:85113582620
T3 - International Conference of Young Specialists on Micro/Nanotechnologies and Electron Devices, EDM
SP - 475
EP - 479
BT - 2021 IEEE 22nd International Conference of Young Professionals in Electron Devices and Materials, EDM 2021 - Proceedings
PB - IEEE Computer Society
T2 - 22nd IEEE International Conference of Young Professionals in Electron Devices and Materials, EDM 2021
Y2 - 30 June 2021 through 4 July 2021
ER -
ID: 34109588