A hybrid recommender for cybersecurity based on rating approach

Abstract

The main function of a security analyst is to protect and make the best decisions for preserving the integrity of computer systems within an organization. Typically, to provide a quick response, analysts usually depend on their good judgement, which should lead them to execute manual processes in a limited time. By dealing with too much information, responses should be executed efficiently and, sometimes, by properly prioritizing threats by criticality. Several approaches to guide analysts identifying attacks and possible solutions have been made. In this research, we propose a recommendation system prototype based on collaborative filtering, generating ratings of the worst cases with the best available recommendations based on expert judgements. The originality of our approach lies on how we build the knowledge base at the heart of the system. It was assembled from the information that some organizations have published on the Internet. As the recommendations proposed by the prototype are rated by analysts as they use the system, the recommendations provided are improved over time. This would allow to reduce problems linked with cold start and will allow to incorporate updated information. During tests, our prototype gets general positive reviews of chosen experts who judged it as a mechanism to reduce both subjectivity and response time.