Automatic Narrative Summarization for Visualizing Cyber Security Logs and Incident Reports.

Abstract

Cyber security logs and incident reports describe a narrative, but in practice analysts view the data in tables where it can be difficult to follow the narrative. Narrative visualizations are useful, but common examples use a summarized narrative instead of the full story's narrative; it is unclear how to automatically generate these summaries. This paper presents (1) a narrative summarization algorithm to reduce the size and complexity of cyber security narratives with a user-customizable summarization level, and (2) a narrative visualization tailored for incident reports and network logs. An evaluation on real incident reports shows that the summarization algorithm reduces false positives and improves average precision by 41% while reducing average incident report size up to 79%. Together, the visualization and summarization algorithm generate compact representations of cyber narratives that earned praise from a SOC analyst. We further demonstrate that the summarization algorithm can apply to other types of dynamic graphs by automatically generating a summary of the Les Misérables character interaction graph. We find that the list of main characters in the automatically generated summary has substantial agreement with human-generated summaries. A version of this paper, data, and code is freely available at https://osf.io/ekzbp/.