A Case-Based Reasoning Approach for the Cybersecurity Incident Recording and Resolution

Abstract

Intelligent computing techniques have a paramount importance to the treatment of cybersecurity incidents. In such Artificial Intelligence (AI) context, while most of the algorithms explored in the cybersecurity domain aim to present solutions to intrusion detection problems, these algorithms seldom approach the correction procedures that are explored in the resolution of cybersecurity incident problems that already took place. In practice, knowledge regarding cybersecurity resolution data and procedures is being under-used in the development of intelligent cybersecurity systems, sometimes even lost and not used at all. In this context, this work proposes the Case-based Cybersecurity Incident Resolution System (CCIRS), a system that implements an approach to integrate case-based reasoning (CBR) techniques and the IODEF standard in order to retain concrete problem-solving experiences of cybersecurity incident resolution to be reused in the resolution of new incidents. Different types of experimental results so far obtained with the CCIRS show that information security knowledge can be retained with our approach in a reusable memory improving the resolution of new cybersecurity problems.