Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres

IF 3.9 3区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Mohan Baruwal Chhetri, Shahroz Tariq, Ronal Singh, Fateneh Jalalvand, Cecile Paris, Surya Nepal
{"title":"Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres","authors":"Mohan Baruwal Chhetri, Shahroz Tariq, Ronal Singh, Fateneh Jalalvand, Cecile Paris, Surya Nepal","doi":"10.1145/3670009","DOIUrl":null,"url":null,"abstract":"<p>Security Operations Centres (SOCs) play a pivotal role in defending organisations against evolving cyber threats. They function as central hubs for detecting, analysing, and responding promptly to cyber incidents with the primary objective of ensuring the confidentiality, integrity, and availability of digital assets. However, they struggle against the growing problem of alert fatigue, where the sheer volume of alerts overwhelms SOC analysts and raises the risk of overlooking critical threats. In recent times, there has been a growing call for human-AI teaming, wherein humans and AI collaborate with each other, leveraging their complementary strengths and compensating for their weaknesses. The rapid advances in AI and the growing integration of AI-enabled tools and technologies within SOCs give rise to a compelling argument for the implementation of human-AI teaming within the SOC environment. Therefore, in this position paper, we present our vision for human-AI teaming to address the problem of alert fatigue in SOC. We propose the \\(\\mathcal {A}^2\\mathcal {C} \\) Framework, which enables flexible and dynamic decision-making by allowing seamless transitions between automated, augmented, and collaborative modes of operation. Our framework allows AI-powered automation for routine alerts, AI-driven augmentation for expedited expert decision-making, and collaborative exploration for tackling complex, novel threats. By implementing and operationalising \\(\\mathcal {A}^2\\mathcal {C} \\), SOCs can significantly reduce alert fatigue while empowering analysts to efficiently and effectively respond to security incidents.</p>","PeriodicalId":50911,"journal":{"name":"ACM Transactions on Internet Technology","volume":"13 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3670009","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Security Operations Centres (SOCs) play a pivotal role in defending organisations against evolving cyber threats. They function as central hubs for detecting, analysing, and responding promptly to cyber incidents with the primary objective of ensuring the confidentiality, integrity, and availability of digital assets. However, they struggle against the growing problem of alert fatigue, where the sheer volume of alerts overwhelms SOC analysts and raises the risk of overlooking critical threats. In recent times, there has been a growing call for human-AI teaming, wherein humans and AI collaborate with each other, leveraging their complementary strengths and compensating for their weaknesses. The rapid advances in AI and the growing integration of AI-enabled tools and technologies within SOCs give rise to a compelling argument for the implementation of human-AI teaming within the SOC environment. Therefore, in this position paper, we present our vision for human-AI teaming to address the problem of alert fatigue in SOC. We propose the \(\mathcal {A}^2\mathcal {C} \) Framework, which enables flexible and dynamic decision-making by allowing seamless transitions between automated, augmented, and collaborative modes of operation. Our framework allows AI-powered automation for routine alerts, AI-driven augmentation for expedited expert decision-making, and collaborative exploration for tackling complex, novel threats. By implementing and operationalising \(\mathcal {A}^2\mathcal {C} \), SOCs can significantly reduce alert fatigue while empowering analysts to efficiently and effectively respond to security incidents.

实现人机交互,减轻安全运营中心的警报疲劳
安全运营中心(SOC)在组织抵御不断变化的网络威胁方面发挥着举足轻重的作用。它们是检测、分析和及时应对网络事件的中心枢纽,主要目标是确保数字资产的保密性、完整性和可用性。然而,它们却在与日益严重的警报疲劳问题作斗争,大量的警报让 SOC 分析师应接不暇,并增加了忽视关键威胁的风险。近来,人类与人工智能合作的呼声越来越高,在这种合作中,人类与人工智能相互协作,取长补短。人工智能的飞速发展以及 SOC 中人工智能工具和技术的日益集成,为在 SOC 环境中实施人类与人工智能的协同合作提供了有力的论据。因此,在本立场文件中,我们提出了人类-人工智能团队合作的愿景,以解决 SOC 中的警报疲劳问题。我们提出了\(\mathcal {A}^2\mathcal {C} \)框架,该框架允许在自动化、增强型和协作型操作模式之间无缝转换,从而实现灵活、动态的决策。我们的框架允许人工智能驱动的自动化处理常规警报,允许人工智能驱动的增强处理加速专家决策,允许协作探索处理复杂的新型威胁。通过实施和操作 \(\mathcal {A}^2\mathcal {C} \),SOC 可以显著减少警报疲劳,同时使分析人员能够高效、有效地应对安全事件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACM Transactions on Internet Technology
ACM Transactions on Internet Technology 工程技术-计算机:软件工程
CiteScore
10.30
自引率
1.90%
发文量
137
审稿时长
>12 weeks
期刊介绍: ACM Transactions on Internet Technology (TOIT) brings together many computing disciplines including computer software engineering, computer programming languages, middleware, database management, security, knowledge discovery and data mining, networking and distributed systems, communications, performance and scalability etc. TOIT will cover the results and roles of the individual disciplines and the relationshipsamong them.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信