Abstract
Cyberattacks have become more complex and analysts need help managing all alerts promptly. Many organizations implement Security, Orchestration, Automation, and Response (SOAR) tools to automate Incident Response (IR). However, it is challenging to integrate these tools, often delaying expected Return on Investment (ROI). Our approach aims to automatically generate optimal playbooks using the Pareto front, which balances impact, loss, and complexity. These playbooks are populated in an ontology that aims to be integrated with a SOAR to overcome the SOAR limitations. Using the Pareto Front, we aim to reduce the generated playbooks by an average of over 75%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Booth, H., Turner, C.: Vulnerability description ontology (VDO): a framework for characterizing vulnerabilities. Technical report, NIST
Cichonski, P., Millar, T., Grance, T., Scarfone, K., et al.: Computer security incident handling guide. NIST Spec. Publ. 800(61), 1–147 (2012)
Empl, P., Schlette, D., Stöger, L., Pernul, G.: Generating ICS vulnerability playbooks with open standards. Int. J. Inf. Secur. 23, 1215–1230 (2023)
Ganin, A.A., Quach, P., Panwar, M., Collier, Z.A., Keisler, J.M., Marchese, D., Linkov, I.: Multicriteria decision framework for cybersecurity risk assessment and management. Risk Anal. 40(1), 183–199 (2020)
Hutschenreuter, H., Çakmakçi, S.D., Maeder, C., Kemmerich, T.: Ontology-based cybersecurity and resilience framework. In: ICISSP, pp. 458–466 (2021)
Islam, C., Babar, M.A., Nepal, S.: Automated interpretation and integration of security tools using semantic knowledge. In: Giorgini, P., Weber, B. (eds.) CAiSE 2019. LNCS, vol. 11483, pp. 513–528. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21290-2_32
Jordan, B., Thomson, A.: Cacao security playbooks version 1.0. OASIS. Committee Specificat. 2 (2021)
Komal, S., et al.: Adarma auto-detection and auto-remediation of microservice anomalies by leveraging large language models. In: Proceedings of the 33rd Annual International Conference on Computer Science and Software Engineering, pp. 200–205 (2023)
Mern, J., Hatch, K., Silva, R., Hickert, C., Sookoor, T., Kochenderfer, M.J.: Autonomous attack mitigation for industrial control systems. In: 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 28–36. IEEE (2022)
Moreira, G.B., Calegario, V.M., Duarte, J.C., dos Santos, A.F.P.: Csiho: an ontology for computer security incident handling. In: Anais do XVIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 1–14. SBC (2018)
Syed, Z., Padia, A., Finin, T., Mathews, L., Joshi, A.: UCO: a unified cybersecurity ontology. UMBC Student Collection (2016)
Van Veldhuizen, D.A., Lamont, G.B., et al.: Evolutionary computation and convergence to a pareto front. In: Late Breaking Papers at the Genetic Programming 1998 Conference, pp. 221–228. Citeseer (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Saint-Hilaire, K.A., Neal, C., Cuppens, F., Boulahia-Cuppens, N., Hadji, M. (2024). Optimal Automated Generation of Playbooks. In: Ferrara, A.L., Krishnan, R. (eds) Data and Applications Security and Privacy XXXVIII. DBSec 2024. Lecture Notes in Computer Science, vol 14901. Springer, Cham. https://doi.org/10.1007/978-3-031-65172-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-65172-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-65171-7
Online ISBN: 978-3-031-65172-4
eBook Packages: Computer ScienceComputer Science (R0)