Fatemeh Jalalvand

Security operations centres (SOCs) are becoming increasingly important for organisations to detect, investigate, and respond to cyber threats in a timely and effective manner. However, the high volume of alerts received by organisations (e.g., over 10,000 alerts daily) imposes a heavy workload on the analysts, leading to fatigue and burnout, and hindering timely response to critical threats. To address these problems, we leverage human-AI collaboration advantages through integrating artificial intelligence (AI) and human capabilities to perform alert prioritisation (AP) for SOCs. AI can efficiently sift through alerts and identify potential security incidents. Human analysts, in turn, leverage their domain expertise to further investigate and validate these incidents. This collaborative approach not only improves the accuracy of AP but also addresses issues related to alert overload and analyst burnout. The synergy between human insight and AI’s processing power is a powerful solution to the challenges faced by SOCs.