Alert Fatigue in Security Operations Centres: Research Challenges and Opportunities


Research area: Safety



Venue: ACM Computing Surveys, Volume 57, Issue 9


Abstract

A security operations centre (SOC) is a facility where teams of security professionals, supported by advanced technologies and processes, work together to monitor, detect, and respond to cybersecurity incidents. With advances in AI technology, most of the SOC functions are increasingly becoming AI-driven. Among these, real-time alert monitoring and triage is particularly important. Recent studies, by both industry and academia, have highlighted the problem of alert fatigue and burnout in SOC. Several solutions have been proposed in the literature and by the industry to address this problem. In this article, we review the existing literature and industry solutions on alert fatigue mitigation through the lenses of automation, augmentation, and human–AI collaboration. Based on the review, we identify four major causes of alert fatigue in SOC. We also examine the shortcomings of existing solutions and propose several potential research directions leveraging AI. By providing a comprehensive analysis of the state-of-the-art approaches and their limitations, this study contributes to the existing literature in an important field of study. We anticipate that it will inspire new research directions for addressing alert fatigue not just in SOCs but across other Command and Control (C2) domains as well.


Authors

Shahroz Tariq, Data61 CSIRO, Sydney, Australia

Mohan Baruwal Chhetri, Data61 CSIRO, Melbourne, Australia

Surya Nepal, Data61 CSIRO, Sydney, Australia

Paper information

Year of publication: 2025
Citations: 5
Country of publication: Australia
Site: ACM
