ThreatCluster: Threat Clustering for Information Overload Reduction in Computer Emergency Response Teams

arXiv:2210.14067v2 Announce Type: replace
Abstract: The ever-increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). To respond to emerging threats, CERTs must gather information in a timely and comprehensive manner. But the volume of sources and information leads to information overload. This paper contributes to the question of how to reduce information overload for CERTs. We propose clustering incoming information as scanning this information is one of the most tiresome, …

arxiv challenges clustering computer cs.cr diversity emergency emerging emerging threats information overload respond response teams threat threats