NERD: Neural Network for Edict of Risky Data Streams
Sandro Passarelli, Cem Gündogan, Lars Stiemert, Matthias Schopp, Peter Hillmann

TL;DR
This paper introduces NERD, an AI-powered system that analyzes multiple data sources to identify, classify, and support decision-making for cyber security incidents, enhancing response effectiveness.
Contribution
The paper presents a novel Cyber Incident Handling Support System that integrates diverse data and AI to improve incident detection, classification, and decision support.
Findings
Improved incident detection accuracy
Enhanced decision-making support
Effective feedback integration for learning
Abstract
Cyber incidents can have a wide range of causes, from a simple connection loss to an insistent attack. Once potential cyber security incidents and system failures have been identified, deciding how to proceed is often complex, especially if the real cause cannot be directly determined in detail. Therefore, we developed the concept of a Cyber Incident Handling Support System. The developed system is enriched with information from multiple sources such as intrusion detection systems and monitoring tools. It uses over twenty key attributes, such as the sync-package ratio, to identify potential security incidents and to classify the data into different priority categories. Afterwards, the system uses artificial intelligence to support the further decision-making process and to generate corresponding reports to brief the Board of Directors. Originating from this information, appropriate and detailed…
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Data Stream Mining Techniques
