Authors:
Zarrin Tasnim Sworna (1, 2); Anjitha Sreekumar (3, 1); Chadni Islam (3, 1) and Muhammad Ali Babar (3, 1, 2)
Affiliations:
1 School of Computer Science, University of Adelaide, Australia;
2 Cyber Security Cooperative Research Centre, Australia;
3 Centre for Research on Engineering Software Technologies (CREST), University of Adelaide, Australia
Keyword(s):
Security Tools’ API, Security Orchestration, API Recommendation, Security Operation Center.
Abstract:
Security Operation Center (SOC) teams manually analyse the API documentation of numerous tools to find the APIs needed to define, update and execute incident response plans for responding to security incidents. Manually identifying security tools’ APIs is time consuming and can slow down incident response. To mitigate the negative effects of this manual process, automated API recommendation support is desirable. The state-of-the-art automated security tool API recommendation uses a Deep Learning (DL) model. However, DL models are environmentally unfriendly and prohibitively expensive, requiring huge time and resources (denoted as “Red AI”). Hence “Green AI”, which considers both efficiency and effectiveness, is encouraged. Given that SOCs’ incident response is hindered by cost, time and resource constraints, we assert that Machine Learning (ML) models are likely to be more suitable for recommending suitable APIs with fewer resources. We therefore investigate the applicability of ML models for effective and efficient security tools’ API recommendation. We used 7 real-world security tools’ API documentation, 5 ML models, 5 feature representations and 19 augmentation techniques. Compared to the state-of-the-art DL-based approach, our Logistic Regression model with word and character level features reduces CPU core hours by 95.91%, model size by 97.65% and time by 291.50%, and achieves 0.38% better accuracy, which provides cost-cutting opportunities for industrial SOC adoption.
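The abstract names the winning configuration, a logistic regression model over word and character level features, without showing what such a recommender looks like. The following is an added illustration written for this page, not the authors' code or pipeline: it builds word unigram plus character n-gram features from a constructed, hypothetical corpus of API descriptions, trains a multinomial logistic regression with plain SGD (the optimiser, hyperparameters, tool names and API identifiers are all assumptions), and returns the most probable APIs for a free-text analyst request. The character n-grams are what let an unseen inflection such as "isolating" match the documented verb "isolate".

```python
"""Word + character n-gram logistic regression API recommender (added example).

Not the paper's code. The corpus, API names and hyperparameters are constructed
and hypothetical; the model is a hand-rolled multinomial logistic regression
so the block runs with the standard library only.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed, hypothetical API documentation snippets (not from the paper's
# seven tools): each pair is (one-line description, API identifier).
API_DOCS = [
    ("block an ip address on the firewall", "firewall.block_ip"),
    ("add a deny rule for a source ip", "firewall.block_ip"),
    ("quarantine an endpoint host from the network", "edr.isolate_host"),
    ("isolate a compromised machine", "edr.isolate_host"),
    ("look up the reputation of a file hash", "ti.lookup_hash"),
    ("check whether a sha256 hash is known malicious", "ti.lookup_hash"),
    ("search the siem for events matching a query", "siem.search"),
    ("run a log search over indexed events", "siem.search"),
]


def extract_features(text, char_ns=(3, 4)):
    """Word unigrams plus within-word, boundary-padded character n-grams."""
    feats = Counter()
    for word in re.findall(r"[a-z0-9]+", text.lower()):
        feats["w:" + word] += 1
        padded = "<" + word + ">"
        for n in char_ns:
            for i in range(len(padded) - n + 1):
                feats["c:" + padded[i:i + n]] += 1
    return feats


def normalise(feats):
    """L2-normalise so long descriptions do not dominate the SGD update."""
    norm = math.sqrt(sum(v * v for v in feats.values())) or 1.0
    return {f: v / norm for f, v in feats.items()}


class ApiRecommender:
    """Multinomial logistic regression trained by SGD with an L2 penalty."""

    def __init__(self, lr=0.5, epochs=200, l2=1e-3):
        self.lr, self.epochs, self.l2 = lr, epochs, l2
        self.labels, self.weights, self.bias = [], {}, {}

    def _probs(self, x):
        scores = {
            lab: self.bias[lab] + sum(self.weights[lab].get(f, 0.0) * v for f, v in x.items())
            for lab in self.labels
        }
        m = max(scores.values())  # subtract the max for a numerically stable softmax
        exps = {lab: math.exp(s - m) for lab, s in scores.items()}
        z = sum(exps.values())
        return {lab: e / z for lab, e in exps.items()}

    def fit(self, docs):
        self.labels = sorted({lab for _, lab in docs})
        self.weights = {lab: defaultdict(float) for lab in self.labels}
        self.bias = {lab: 0.0 for lab in self.labels}
        data = [(normalise(extract_features(text)), lab) for text, lab in docs]
        for _ in range(self.epochs):
            for x, y in data:
                probs = self._probs(x)
                for lab in self.labels:
                    grad = probs[lab] - (1.0 if lab == y else 0.0)  # dL/dscore
                    w = self.weights[lab]
                    for f, v in x.items():
                        w[f] -= self.lr * (grad * v + self.l2 * w[f])
                    self.bias[lab] -= self.lr * grad
        return self

    def recommend(self, query, k=3):
        """Return the k most probable (api, probability) pairs for a request."""
        probs = self._probs(normalise(extract_features(query)))
        return sorted(probs.items(), key=lambda kv: kv[1], reverse=True)[:k]


MODEL = ApiRecommender().fit(API_DOCS)


def top_api(query):
    """Single best API identifier for an analyst's free-text request."""
    return MODEL.recommend(query, k=1)[0][0]


if __name__ == "__main__":
    for q in ("blocking an ip on the firewall", "isolating the compromised host"):
        print(q, "->", MODEL.recommend(q))
```

The model is a few dictionaries of floats, which is the practical point behind the abstract's model-size and CPU-hour figures: it trains in milliseconds on a laptop and can be retrained whenever a tool's API documentation changes, with no accelerator in the loop.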