Filtreler

2025 - 20262
Filtreleri Sıfırla

Ayarlar

Yazar: Abuaziz, Ahmed × Bölüm: Işık Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Bilgisayar Mühendisliği Bölümü ×

Arama Sonuçları

Listeleniyor 1 - 2 / 2
  • Küçük Resim
    Yayın
    A context-aware, AI-driven load balancing framework for incident escalation in SOCs
    (Institute of Electrical and Electronics Engineers Inc., 2025-08-12) Abuaziz, Ahmed; Çeliktaş, Barış
    SOCs face growing challenges in incident management due to increasing alert volumes and the complexity of cyberattacks. Traditional rule-based escalation models often fail to account for the workload of the analyst, the severity of the incident, and the organizational context. This paper proposes a context-aware, AI-driven load balancing framework for intelligent analyst assignment and incident escalation. Our framework leverages large language models (LLMs) with retrievalaugmented generation (RAG) to evaluate incident relevance and historical assignments. A reinforcement learning (RL)-based scheduler continuously optimizes incident-to-analyst assignments based on operational outcomes, enabling the system to adapt to evolving threat landscapes and organizational structures. Planned simulations in realistic SOC environments will compare the model with traditional rule-based models using metrics such as Mean Time to Resolution (MTTR), workload distribution, and escalation accuracy. This work highlights the potential of AIdriven approaches to improve SOC performance and enhance incident response effectiveness.
  • Küçük Resim
    Yayın
    Adaptive incident escalation in SOCs via AI-driven skill-aware assignment and tier optimization
    (Institute of Electrical and Electronics Engineers Inc., 2026-04-15) Abuaziz, Ahmed; Çeliktaş, Barış
    Modern Security Operations Centers (SOCs) face significant operational bottlenecks driven by escalating alert volumes, increasingly sophisticated cyberattack vectors, and chronic imbalances in analyst workloads. Conventional rule-based escalation models frequently fail to account for the multi-dimensional nature of incident characteristics, the nuances of analyst expertise, and fluctuating operational demands. This study proposes a comprehensive AI-driven framework for intelligent incident assignment and workload optimization. The framework introduces five primary contributions: 1) a multi-factor scoring model that integrates severity and complexity metrics with dynamic workload balancing; 2) two novel optimization algorithms, Quantile-Targeted Normality-Regularized Optimization (QT-NRO) and Joint Optimization of Weights and Thresholds (JOWT), to calibrate scoring coefficients against target analyst utilization; 3) a Large Language Model (LLM) engine leveraging Retrieval-Augmented Generation (RAG) for semantic alignment between incident requirements and analyst expertise; 4) an Adaptive Capacity Zoning mechanism for dynamic workload management; and 5) a novel RAG Relevance Score metric—a pre-resolution, semantic alignment indicator that quantifies analyst-incident assignment quality independently of resolution time, addressing a fundamental limitation of traditional temporal metrics such as Mean Time to Resolution (MTTR) and providing a reusable benchmark applicable to any skill-aware assignment system. In addition, the framework incorporates a feedback-based continuous learning mechanism that utilizes historical resolution data to inform future assignments. An experimental evaluation using 10,021 real-world incidents from Microsoft Defender demonstrates that the JOWT algorithm achieves a tier distribution alignment within 0.8% of targets. LLM-enhanced semantic matching yields improvements between 26.7% and 126.8% in skill alignment across both normal-load and high-load evaluations, while simulations indicate a 31.8% reduction in MTTR. These results substantiate the efficacy of AI-driven methodologies in enhancing SOC operational efficiency and response precision.