Research field: Safety
Conference: International Conference on Availability, Reliability and Security
Computer Security Incident Response Teams (CSIRTs) face increasing challenges processing the growing volume of security-related information. Daily manual analysis of threat reports, security advisories, and vulnerability announcements leads to information overload, contributing to burnout and attrition among security professionals. Clustering such information helps cope with the initial information volume and enables security professionals to grasp the current overview of the situation more easily and decide on actions. This work evaluates 196 combinations of clustering algorithms and embedding models across five security-related datasets to identify optimal approaches for automated information consolidation. We demonstrate that clustering can reduce information overload by over 90 % while maintaining semantic coherence. Our evaluation indicates that only minimal configuration is needed to successfully cluster information within a reasonable timespan on consumer hardware. The findings suggest that clustering approaches can significantly enhance CSIRT operational efficiency while maintaining analytical integrity. However, complex threat reports require careful parameter tuning to achieve acceptable performance, indicating areas for future optimization. (The code is made publicly available at the following URL: https://github.com/PEASEC/reducing-information-overload)
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Publication country | Andorra |
| Site | Springer |
| Likes | 0 |