An Artificial Intelligence Framework for the Representation and Reuse of Cybersecurity Incident Resolution Knowledge

  • Patrick Andrei Caron Guerra UFSM
  • Fabio André Barcelos UFSM
  • Raul Ceretta Nunes UFSM
  • Edison Pignaton De Freitas UFRGS
  • Luis Alvaro de Lima Silva UFSM

Abstract

To manage cybersecurity incidents, organizations maintain an incident response team that mitigates incidents and avoids service unavailability. Despite the need to produce fast and correct responses to these problems, only a few companies have a way of learning from past problem-solving experiences. This work proposes a knowledge-based cybersecurity incident response framework for that problem. The paper specifies the main tasks of a problem-solving method for the case-based management of cybersecurity incident resolution procedures. It shows how domain-expert knowledge about incident problems and resolution routines is handled by Case-Based Reasoning (CBR) and ontology techniques. The paper also details how such incidents are categorized so that reported and shared incidents can be mapped onto the framework. Different tests are carried out with a system that implements the proposed framework to assess the impact of similarity-based knowledge in supporting the resolution of incident problems.
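The abstract describes retrieving past incident cases by similarity, with an ontology organizing the incident categories. The following is an added illustration of that retrieve step, written for this page; it is not code from the paper or its system. The incident taxonomy, the case attributes (category, affected asset, observed symptoms), the attribute weights, the Wu-Palmer style taxonomy similarity and the four sample cases are all hypothetical, constructed here so the example runs offline.

```python
"""Added example (not from the paper): a minimal CBR retrieve step for
cybersecurity incidents. A hypothetical incident taxonomy stands in for
the paper's ontology; all cases and weights are constructed for this demo."""
from dataclasses import dataclass

# Hypothetical incident taxonomy (stand-in for an ontology): child -> parent.
TAXONOMY = {
    "incident": None,
    "malware": "incident",
    "ransomware": "malware",
    "trojan": "malware",
    "intrusion": "incident",
    "web-app-attack": "intrusion",
    "brute-force": "intrusion",
    "availability": "incident",
    "ddos": "availability",
}


def ancestors(concept):
    """Path from a concept up to the root, e.g. ransomware -> malware -> incident."""
    if concept not in TAXONOMY:
        raise ValueError(f"unknown incident category: {concept!r}")
    path = []
    while concept is not None:
        path.append(concept)
        concept = TAXONOMY[concept]
    return path


def taxonomy_similarity(a, b):
    """Wu-Palmer style similarity: 2*depth(lca) / (depth(a) + depth(b)),
    with depth(root) = 1. Siblings (ransomware/trojan) score 2/3, concepts
    that only share the root score 1/3, identical concepts score 1."""
    pa, pb = ancestors(a), ancestors(b)
    lca = next(c for c in pa if c in pb)  # first common ancestor walking upward
    return 2.0 * len(ancestors(lca)) / (len(pa) + len(pb))


@dataclass
class Case:
    case_id: str
    category: str           # concept from TAXONOMY
    asset: str              # affected asset class
    symptoms: frozenset     # observed indicators
    resolution: str = ""    # resolution procedure recorded for a past case


# Hypothetical attribute weights; category dominates but does not decide alone.
WEIGHTS = {"category": 0.5, "asset": 0.2, "symptoms": 0.3}


def jaccard(a, b):
    """Set overlap for the symptom attribute."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def case_similarity(query, case):
    """Weighted sum of local similarities (the global similarity in k-NN CBR)."""
    local = {
        "category": taxonomy_similarity(query.category, case.category),
        "asset": 1.0 if query.asset == case.asset else 0.0,
        "symptoms": jaccard(query.symptoms, case.symptoms),
    }
    return sum(WEIGHTS[k] * v for k, v in local.items())


def retrieve(query, case_base, k=2):
    """Return the k most similar (score, case) pairs, best first."""
    scored = [(case_similarity(query, c), c) for c in case_base]
    scored.sort(key=lambda t: -t[0])  # stable: ties keep case-base order
    return scored[:k]


# Constructed case base of past incidents with their recorded resolutions.
CASE_BASE = [
    Case("C1", "ransomware", "file-server",
         frozenset({"encrypted-files", "ransom-note", "smb-traffic"}),
         "Isolate host, capture volatile memory, restore from offline backup, rotate credentials"),
    Case("C2", "trojan", "workstation",
         frozenset({"beaconing", "persistence-run-key"}),
         "Isolate host, block C2 domain at egress, reimage workstation"),
    Case("C3", "brute-force", "vpn-gateway",
         frozenset({"failed-logins", "single-source-ip"}),
         "Block source IP, enforce MFA, reset targeted accounts"),
    Case("C4", "ddos", "web-server",
         frozenset({"syn-flood", "high-latency"}),
         "Enable upstream scrubbing, rate-limit at the edge, scale out"),
]

# Constructed new incident: ransomware symptoms on a workstation that is also beaconing.
QUERY = Case("Q", "ransomware", "workstation", frozenset({"encrypted-files", "beaconing"}))


def propose_resolution(query, case_base):
    """Reuse step: hand the analyst the best-matching past resolution."""
    score, best = retrieve(query, case_base, k=1)[0]
    return best.case_id, score, best.resolution


if __name__ == "__main__":
    for score, case in retrieve(QUERY, CASE_BASE, k=len(CASE_BASE)):
        print(f"{case.case_id} {score:.3f} {case.category:12s} {case.resolution}")
    print(propose_resolution(QUERY, CASE_BASE))
```

Running this ranks C2 (trojan on a workstation, sharing the beaconing symptom) above C1 (the exact ransomware category) because the asset and symptom attributes outweigh the category sibling penalty. That is the point a practitioner should take from a similarity-based retrieve: the ranking, and hence the resolution proposed for reuse, depends on the weights and local similarity functions chosen, so those choices need the same validation as any other detection logic.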
Keywords: ontology, cybersecurity incident response, knowledge engineering, cybersecurity, case-based reasoning
Published
16/10/2023
GUERRA, Patrick Andrei Caron; BARCELOS, Fabio André; NUNES, Raul Ceretta; FREITAS, Edison Pignaton De; SILVA, Luis Alvaro de Lima. An Artificial Intelligence Framework for the Representation and Reuse of Cybersecurity Incident Resolution Knowledge. In: LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING (LADC), 12., 2023, La Paz, Bolivia. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 136-145.