Human-Machine Teaming for Network Intrusion Alert Management

A Cybersecurity Operations Center (CSOC) performs various tasks to protect an organization from cyber threats. Several types of personnel must collaborate effectively as a team to analyze the threat signals, arriving as alerts from various sources. Teams are often formed ad hoc, which leads to uneven performance across teams and increases the risk borne by the low-performing ones. This project takes a holistic view of the CSOC: it first defines team requirements and then selects individuals to form several collaborative teams that meet those requirements for every shift of operation. A novel team formation framework is developed that integrates mathematical optimization, simulation, and scoring methods to form effective teams, and a new collaborative score metric is introduced to measure the effectiveness of the teams.

Related paper:

A Novel Team Formation Framework based on Performance in a Cybersecurity Operations Center