An Artificial Intelligence Framework for the Representation and Reuse of Cybersecurity Incident Resolution Knowledge

Resumo

To manage cybersecurity incidents, organizations maintain an incident response team to mitigate the incidents and avoid the unavailability of services. Despite the need to generate fast and correct responses to these problems, only a few companies have ways of learning from past problem-solving experiences. This work proposes a knowledge-based cybersecurity incident response framework for this problem. The paper specifies the main tasks of a problem-solving method for the case-based management of cybersecurity incident resolution procedures. It shows that domain expert knowledge about incident problems and resolution routines are handled by Case-Based Reasoning (CBR) and Ontology techniques. The paper also details forms of categorizing such incidents to mapping reported and shared incidents to the framework. Different tests are developed using a system that implements the proposed framework to assess the impact of similarity-based knowledge in supporting the resolution of incident problems.