Adaptive incident escalation in SOCs via AI-driven skill-aware assignment and tier optimization

Basit Öğe Kaydı
dc.authorid0009-0001-3229-8345
dc.authorid0000-0003-2865-6370
dc.contributor.authorAbuaziz, Ahmeden_US
dc.contributor.authorÇeliktaş, Barışen_US
dc.date.accessioned2026-05-04T10:30:51Z
dc.date.available2026-05-04T10:30:51Z
dc.date.issued2026-04-15
dc.departmentIşık Üniversitesi, Lisansüstü Eğitim Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programıen_US
dc.departmentIşık University, School of Graduate Studies, Master’s Program in Computer Engineeringen_US
dc.departmentIşık Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Bilgisayar Mühendisliği Bölümüen_US
dc.departmentIşık University, Faculty of Engineering and Natural Sciences, Department of Computer Engineeringen_US
dc.description.abstractModern Security Operations Centers (SOCs) face significant operational bottlenecks driven by escalating alert volumes, increasingly sophisticated cyberattack vectors, and chronic imbalances in analyst workloads. Conventional rule-based escalation models frequently fail to account for the multi-dimensional nature of incident characteristics, the nuances of analyst expertise, and fluctuating operational demands. This study proposes a comprehensive AI-driven framework for intelligent incident assignment and workload optimization. The framework introduces five primary contributions: 1) a multi-factor scoring model that integrates severity and complexity metrics with dynamic workload balancing; 2) two novel optimization algorithms, Quantile-Targeted Normality-Regularized Optimization (QT-NRO) and Joint Optimization of Weights and Thresholds (JOWT), to calibrate scoring coefficients against target analyst utilization; 3) a Large Language Model (LLM) engine leveraging Retrieval-Augmented Generation (RAG) for semantic alignment between incident requirements and analyst expertise; 4) an Adaptive Capacity Zoning mechanism for dynamic workload management; and 5) a novel RAG Relevance Score metric—a pre-resolution, semantic alignment indicator that quantifies analyst-incident assignment quality independently of resolution time, addressing a fundamental limitation of traditional temporal metrics such as Mean Time to Resolution (MTTR) and providing a reusable benchmark applicable to any skill-aware assignment system. In addition, the framework incorporates a feedback-based continuous learning mechanism that utilizes historical resolution data to inform future assignments. An experimental evaluation using 10,021 real-world incidents from Microsoft Defender demonstrates that the JOWT algorithm achieves a tier distribution alignment within 0.8% of targets. LLM-enhanced semantic matching yields improvements between 26.7% and 126.8% in skill alignment across both normal-load and high-load evaluations, while simulations indicate a 31.8% reduction in MTTR. These results substantiate the efficacy of AI-driven methodologies in enhancing SOC operational efficiency and response precision.en_US
dc.description.versionPublisher's Versionen_US
dc.identifier.citationAbuaziz, A. & Çeliktaş, B. (2026). Adaptive incident escalation in SOCs via AI-driven skill-aware assignment and tier optimization. IEEE Access, 14, 56611-56638. doi:https://doi.org/10.1109/ACCESS.2026.3682449en_US
dc.identifier.doi10.1109/ACCESS.2026.3682449
dc.identifier.endpage56638
dc.identifier.issn2169-3536
dc.identifier.scopus2-s2.0-105036282642
dc.identifier.scopusqualityQ1
dc.identifier.startpage56611
dc.identifier.urihttps://hdl.handle.net/11729/7369
dc.identifier.urihttps://doi.org/10.1109/ACCESS.2026.3682449
dc.identifier.volume14
dc.identifier.wosWOS:001743145600010
dc.identifier.wosqualityQ2
dc.indekslendigikaynakScopusen_US
dc.indekslendigikaynakWeb of Scienceen_US
dc.indekslendigikaynakScience Citation Index Expanded (SCI-EXPANDED)en_US
dc.institutionauthorAbuaziz, Ahmeden_US
dc.institutionauthorÇeliktaş, Barışen_US
dc.institutionauthorid0009-0001-3229-8345
dc.institutionauthorid0000-0003-2865-6370
dc.language.isoenen_US
dc.peerreviewedYesen_US
dc.publicationstatusPublisheden_US
dc.publisherInstitute of Electrical and Electronics Engineers Inc.en_US
dc.relation.ispartofIEEE Accessen_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Öğrencien_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectAI-driven tier optimizationen_US
dc.subjectIncident escalationen_US
dc.subjectLarge language modelsen_US
dc.subjectSecurity operations center (SOC)en_US
dc.subjectSkill-aware incident assignmenten_US
dc.subjectWorkload balancingen_US
dc.subjectAlignmenten_US
dc.subjectArtificial intelligenceen_US
dc.subjectBalancingen_US
dc.subjectBenchmarkingen_US
dc.subjectComputational methodsen_US
dc.subjectComputer software reusabilityen_US
dc.subjectNetwork securityen_US
dc.subjectOptimizationen_US
dc.subjectSecurity systemsen_US
dc.subjectZoningen_US
dc.subjectIncident assignmentsen_US
dc.subjectIncident escalationsen_US
dc.subjectLanguage modelen_US
dc.subjectLarge language modelen_US
dc.subjectOptimisationsen_US
dc.subjectSecurity operation centeren_US
dc.subjectSemanticsen_US
dc.subjectPayloadsen_US
dc.subjectFeedsen_US
dc.subjectAntennasen_US
dc.subjectSystem-on-chipen_US
dc.subjectFeedbacken_US
dc.subjectApplication specific integrated circuitsen_US
dc.subjectCircuitsen_US
dc.subjectFilteringen_US
dc.subjectRecommender systemsen_US
dc.subjectFiltersen_US
dc.titleAdaptive incident escalation in SOCs via AI-driven skill-aware assignment and tier optimizationen_US
dc.typeArticleen_US
dspace.entity.typePublicationen_US

Dosyalar

Orijinal paket
Listeleniyor 1 - 1 / 1
Küçük Resim
İsim:
Adaptive_Incident_Escalation_in_SOCs_via_AI_Driven_Skill_Aware_Assignment_and_Tier_Optimization.pdf
Boyut:
2.47 MB
Biçim:
Adobe Portable Document Format
İndir
Lisans paketi
Listeleniyor 1 - 1 / 1
Küçük Resim Yok
İsim:
license.txt
Boyut:
1.17 KB
Biçim:
Item-specific license agreed upon to submission
Açıklama:
İndir

Koleksiyon

Öğrenci Yayınları Makale Koleksiyonu
Lisansüstü Eğitim Enstitüsü Diğer Yayınlar Koleksiyonu
Scopus İndeksli Yayınlar Koleksiyonu
WoS İndeksli Yayınlar Koleksiyonu