ThreatCluster: Threat Clustering for Information Overload Reduction in Computer Emergency Response Teams
Sábháilte in:
| Foilsithe in: | arXiv.org (Mar 15, 2024), p. n/a |
|---|---|
| Príomhchruthaitheoir: | |
| Rannpháirtithe: | , , |
| Foilsithe / Cruthaithe: |
Cornell University Library, arXiv.org
|
| Ábhair: | |
| Rochtain ar líne: | Citation/Abstract Full text outside of ProQuest |
| Clibeanna: |
Níl clibeanna ann, Bí ar an gcéad duine le clib a chur leis an taifead seo!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 2728700835 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2331-8422 | ||
| 035 | |a 2728700835 | ||
| 045 | 0 | |b d20240315 | |
| 100 | 1 | |a Kuehn, Philipp | |
| 245 | 1 | |a ThreatCluster: Threat Clustering for Information Overload Reduction in Computer Emergency Response Teams | |
| 260 | |b Cornell University Library, arXiv.org |c Mar 15, 2024 | ||
| 513 | |a Working Paper | ||
| 520 | 3 | |a The ever-increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). To respond to emerging threats, CERTs must gather information in a timely and comprehensive manner. But the volume of sources and information leads to information overload. This paper contributes to the question of how to reduce information overload for CERTs. We propose clustering incoming information as scanning this information is one of the most tiresome, but necessary, manual steps. Based on current studies, we establish conditions for such a framework. Different types of evaluation metrics are used and selected in relation to the framework conditions. Furthermore, different document embeddings and distance measures are evaluated and interpreted in combination with clustering methods. We use three different corpora for the evaluation, a novel ground truth corpus based on threat reports, one security bug report (SBR) corpus, and one with news articles. Our work shows, it is possible to reduce the information overload by up to 84.8% with homogeneous clusters. A runtime analysis of the clustering methods strengthens the decision of selected clustering methods. The source code and dataset will be made publicly available after acceptance. | |
| 653 | |a Emergency response | ||
| 653 | |a Datasets | ||
| 653 | |a Vector processing (computers) | ||
| 653 | |a Overloading | ||
| 653 | |a Cluster analysis | ||
| 653 | |a Messages | ||
| 653 | |a Information sources | ||
| 653 | |a Teams | ||
| 653 | |a Clustering | ||
| 653 | |a Evaluation | ||
| 653 | |a Vector quantization | ||
| 653 | |a Information overload | ||
| 700 | 1 | |a Nadermahmoodi, Dilara | |
| 700 | 1 | |a Kerk, Moritz | |
| 700 | 1 | |a Reuter, Christian | |
| 773 | 0 | |t arXiv.org |g (Mar 15, 2024), p. n/a | |
| 786 | 0 | |d ProQuest |t Engineering Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/2728700835/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | |3 Full text outside of ProQuest |u http://arxiv.org/abs/2210.14067 |