@inproceedings{sotes-etal-2024-cecilia,
    title = "{CECILIA}: Enhancing {CSIRT} Effectiveness with Transformer-Based Cyber Incident Classification",
    author = "Sotes, Juan Jose Delgado  and
      Mendoza, Alicia Martinez  and
      Vasco, Andres Carofilis  and
      Fernandez, Eduardo Fidalgo  and
      Gutierrez, Enrique Alegre",
    editor = "Mitkov, Ruslan  and
      Ezzini, Saad  and
      Ranasinghe, Tharindu  and
      Ezeani, Ignatius  and
      Khallaf, Nouran  and
      Acarturk, Cengiz  and
      Bradbury, Matthew  and
      El-Haj, Mo  and
      Rayson, Paul",
    booktitle = "Proceedings of the First International Conference on Natural Language Processing and Artificial Intelligence for Cyber Security",
    month = jul,
    year = "2024",
    address = "Lancaster, UK",
    publisher = "International Conference on Natural Language Processing and Artificial Intelligence for Cyber Security",
    url = "https://preview.aclanthology.org/fix-sig-urls/2024.nlpaics-1.21/",
    pages = "186--195",
    abstract = "This paper introduces an approach to improv ing incident response times by applying various Artificial Intelligence (AI) classification algorithms based on transformers to analyze the efficacy of these models in categorizing cyber incidents. As a first contribution, we developed a cyber incident dataset, CECILIA-10C-900, collecting cyber incident reports from six qualified web sources. The contribution of creating a dataset on cyber incident detection is remarkable due to the scarcity of such datasets. Each incident has been tagged by hand according to the cyber incident taxonomy defined by the CERT (Computer Emergency Response Team) of the National Institute of Cybersecurity (INCIBE). This dataset is highly unbalanced, so we decided to unify the four least represented classes under the label ``others'', leaving a dataset with six categories (CECILIA-6C-900). With these reliable datasets, we performed a comparison of the best algorithms specifically for the cyber incident classification problem, evaluating eight different metrics on two conventional classifiers and six other transformer-based classifiers. Our study highlights the importance of having a rapid classification mechanism for CSIRTs (Computer Security Incident Response Teams) and showcases the potential of machine learning algorithms to improve cyber defense mechanisms. The findings from our analysis provide valuable insights into the strengths and limitations of different classification techniques. It can be used in future work on cyber incident response strategies"
}