Category: Project

Description: Cyber security logs and incident reports describe a narrative, but in practice analysts view the data in tables, where the narrative can be difficult to follow. Narrative visualizations are useful, but common examples use a summarized narrative rather than the full story's narrative, and it is unclear how to generate these summaries automatically. This paper presents (1) a narrative summarization algorithm that reduces the size and complexity of cyber security narratives, with a user-customizable summarization level, and (2) a narrative visualization tailored to incident reports and network logs. An evaluation on real incident reports shows that the summarization algorithm reduces false positives and improves average precision by 41% while reducing average incident report size by up to 79%. Together, the visualization and the summarization algorithm generate compact representations of cyber narratives that earned praise from a SOC analyst. We further demonstrate that the summarization algorithm applies to other types of dynamic graphs by automatically generating a summary of the Les Misérables character interaction graph; the list of main characters in the automatically generated summary shows substantial agreement with human-generated summaries. A version of this paper, together with the data and code, is freely available at https://osf.io/ekzbp/.