Abstract

In real-world situations, specialised staff investigate several threat alerts at a time. To respond promptly to severe incidents or to ignore false alarms, alerts are prioritised and analysed. Security professionals rely on the information provided in the alert message. Insufficient information in alert messages creates challenges for security analysts, who must keep track of all internal and external sources to identify the relevant information. In this paper, a Narrative Analytics-Assisted System (NAAS) is proposed, in which a knowledge graph is used to present the relationships. The knowledge graph captures the complex relationships between the alert and relevant information from the internal and external knowledge bases, reducing the cognitive effort of digesting information and helping analysts understand a wealth of security data. To enable cooperation in the cyber risk management process, it is necessary to generate the knowledge graph and interpret it in a human-friendly format. The current machine-friendly formats for reporting incidents from alerts are complex and extensive. These characteristics hamper readability and contribution, preventing humans from understanding the incident and staying up to date about it. NAAS contains four life cycles that help an analyst gain a better perception of the elements of the environment by involving more staff in risk management: it (1) analyses the alert, (2) designs the knowledge graph with natural language sentences, (3) automatically generates the incident report in natural language by applying novel storytelling techniques to the knowledge graph, and (4) maintains it with contributions from different levels of expertise. The performance of the various NAAS cycles is demonstrated in a case study with an example scenario from the Security Operations Centre (SOC) at an educational institution, highlighting its usability.
