Multi-Agent Collaboration in Incident Response with Large Language Models
Zefang Liu

TL;DR
This paper investigates how large language models can serve as intelligent agents to improve collaboration, decision-making, and efficiency in cybersecurity incident response through multi-agent systems and simulation frameworks.
Contribution
It introduces a novel application of LLM-based multi-agent collaboration in incident response using a tabletop game framework, analyzing different team structures for optimal coordination.
Findings
LLMs can enhance decision-making in incident response.
Hybrid team structures improve collaboration efficiency.
Simulation results show increased adaptability with LLM agents.
Abstract
Incident response (IR) is a critical aspect of cybersecurity, requiring rapid decision-making and coordinated efforts to address cyberattacks effectively. Leveraging large language models (LLMs) as intelligent agents offers a novel approach to enhancing collaboration and efficiency in IR scenarios. This paper explores the application of LLM-based multi-agent collaboration using the Backdoors & Breaches framework, a tabletop game designed for cybersecurity training. We simulate real-world IR dynamics through various team structures, including centralized, decentralized, and hybrid configurations. By analyzing agent interactions and performance across these setups, we provide insights into optimizing multi-agent collaboration for incident response. Our findings highlight the potential of LLMs to enhance decision-making, improve adaptability, and streamline IR processes, paving the way for…
Taxonomy
Topics: Topic Modeling
