查看文章

Triage analysis is a fundamental stage in cyber operations in Security Operations Centers (SOCs). The massive data sources generate great demands on cyber security analysts’ capability of information processing and analytical reasoning. Furthermore, most junior security analysts perform much less efficiently than senior analysts in deciding what data triage operations to perform. To help (junior) analysts perform better, several retrieval methods have been proposed to facilitate data triaging through retrieval of the relevant historical data triage operations of senior security analysts. This paper conducts a review of the existing retrieval methods, including rule-based retrieval and context-based retrieval of data triage operations. It further discusses the new directions in solving the data triage operation retrieval problem.