TY - CHAP
T1 - A hybrid recommender for cybersecurity based on rating approach
AU - Ayala, Carlos
AU - Jiménez, Kevin
AU - Loza-Aguirre, Edison
AU - Andrade, Roberto O.
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2021.
PY - 2021/6/15
Y1 - 2021/6/15
N2 - The main function of a security analyst is to protect computer systems within an organization and to make the decisions that best preserve their integrity. To respond quickly, analysts typically rely on their own judgement, which leads them to carry out manual processes under tight time limits. Because they must deal with large volumes of information, responses have to be executed efficiently, which sometimes means prioritizing threats by criticality. Several approaches have been proposed to guide analysts in identifying attacks and possible solutions. In this research, we propose a recommendation system prototype based on collaborative filtering that rates the worst cases together with the best available recommendations, using expert judgement as the source of those ratings. The originality of our approach lies in how we build the knowledge base at the heart of the system: it was assembled from information that organizations have published on the Internet. As analysts rate the recommendations the prototype proposes while using the system, the recommendations it provides improve over time. This reduces the cold-start problem and allows updated information to be incorporated. In tests, the prototype received generally positive reviews from the selected experts, who judged it a mechanism for reducing both subjectivity and response time.
KW - Collaborative filtering
KW - Knowledge base
KW - Recommendation system
KW - Security analysis
KW - Security operations
UR - http://www.scopus.com/inward/record.url?scp=85150400564&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-71381-2_20
DO - 10.1007/978-3-030-71381-2_20
M3 - Chapter
AN - SCOPUS:85150400564
SN - 9783030713805
SP - 445
EP - 462
BT - Advances in Cybersecurity Management
PB - Springer International Publishing
ER -
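The abstract above describes a rating-based collaborative-filtering recommender whose knowledge base is seeded from published expert judgement, so that a new analyst or a rarely rated response still gets a usable recommendation (the cold-start case) and ratings collected during use refine the results. The following is an added illustration of that mechanism, not code from the chapter: the incident cases, candidate responses, prior scores and analyst ratings are constructed sample data, and the blending rule (the expert prior counts as `prior_weight` pseudo-ratings alongside similarity-weighted neighbour ratings) is an assumed, common shrinkage scheme rather than the authors' stated method.

```python
"""Rating-based collaborative filtering over a seeded security knowledge base.

Added illustration, not the chapter's code. The knowledge base carries an
expert-judgement prior (1..5) for each (incident case, response) pair; analyst
ratings gathered during use are blended in through user-based collaborative
filtering, so a brand-new analyst or an unrated response falls back to the
prior instead of an empty recommendation (the cold-start case).
"""
from math import sqrt

# Constructed sample knowledge base: case -> {response: expert prior rating}.
# Case and response names are illustrative, not taken from the paper.
KNOWLEDGE_BASE = {
    "phishing-credential-theft": {
        "force-password-reset": 4.5,
        "revoke-active-sessions": 4.0,
        "block-sender-domain": 3.0,
    },
    "ransomware-on-endpoint": {
        "isolate-host": 5.0,
        "restore-from-backup": 4.0,
        "pay-ransom": 1.0,
    },
}

# Constructed analyst ratings: analyst -> {(case, response): rating 1..5}.
ANALYST_RATINGS = {
    "alice": {("phishing-credential-theft", "force-password-reset"): 5,
              ("phishing-credential-theft", "block-sender-domain"): 2,
              ("ransomware-on-endpoint", "isolate-host"): 5},
    "bob":   {("phishing-credential-theft", "force-password-reset"): 4,
              ("phishing-credential-theft", "block-sender-domain"): 1,
              ("ransomware-on-endpoint", "restore-from-backup"): 3},
    "carol": {("phishing-credential-theft", "block-sender-domain"): 5,
              ("ransomware-on-endpoint", "pay-ransom"): 1},
}


def cosine_similarity(a: dict, b: dict, min_common: int = 2) -> float:
    """Cosine similarity between two analysts' rating vectors over the
    responses both have rated. Returns 0.0 when they share fewer than
    min_common items, so one coincidental agreement does not make a neighbour."""
    common = set(a) & set(b)
    if len(common) < min_common:
        return 0.0
    dot = sum(a[i] * b[i] for i in common)
    norm_a = sqrt(sum(a[i] ** 2 for i in common))
    norm_b = sqrt(sum(b[i] ** 2 for i in common))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def predict(analyst: str, case: str, response: str, ratings: dict, kb: dict,
            prior_weight: float = 1.0) -> float:
    """Predicted rating of one response for one analyst. The expert prior from
    the knowledge base acts as `prior_weight` pseudo-ratings; each neighbour's
    rating is weighted by similarity. With no informative neighbours (new
    analyst, or nobody rated this response) the result is exactly the prior."""
    prior = kb[case][response]
    own = ratings.get(analyst, {})
    num, den = prior_weight * prior, prior_weight
    for other, theirs in ratings.items():
        if other == analyst or (case, response) not in theirs:
            continue
        sim = cosine_similarity(own, theirs)
        if sim <= 0.0:
            continue
        num += sim * theirs[(case, response)]
        den += sim
    return num / den


def recommend(analyst: str, case: str, ratings: dict, kb: dict) -> list:
    """Candidate responses for a case, highest predicted rating first."""
    scored = {r: predict(analyst, case, r, ratings, kb) for r in kb[case]}
    return sorted(scored, key=scored.__getitem__, reverse=True)


def record_rating(ratings: dict, analyst: str, case: str, response: str,
                  score: int) -> None:
    """Store an analyst's rating of a proposed response; this feedback is
    what lets the recommendations improve as the system is used."""
    if not 1 <= score <= 5:
        raise ValueError("ratings are on a 1..5 scale")
    ratings.setdefault(analyst, {})[(case, response)] = score


if __name__ == "__main__":
    # A newcomer with no history gets the expert priors unchanged.
    print(recommend("dave", "ransomware-on-endpoint", ANALYST_RATINGS, KNOWLEDGE_BASE))
    # Alice's neighbour Bob rated "restore-from-backup" below the prior, so
    # her predicted score for it is pulled down from 4.0.
    print(round(predict("alice", "ransomware-on-endpoint", "restore-from-backup",
                        ANALYST_RATINGS, KNOWLEDGE_BASE), 3))
```

The `min_common` threshold is the practitioner's safeguard against the sparse-ratings regime the abstract alludes to: with only a handful of ratings per analyst, a single co-rated item gives a cosine of exactly 1.0 and would let one unrelated analyst dominate the prediction, so such pairs are ignored and the expert prior carries the decision until real overlap exists.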