Analyst-aware incident assignment in security operations centers: a multi-factor prioritization and optimization framework

dc.authorid0009-0005-1151-7480
dc.authorid0000-0003-2865-6370
dc.contributor.authorKılınçdemir, Eyüp Canen_US
dc.contributor.authorÇeliktaş, Barışen_US
dc.date.accessioned2025-07-25T07:05:42Z
dc.date.available2025-07-25T07:05:42Z
dc.date.issued2025-07-15
dc.departmentIşık Üniversitesi, Lisansüstü Eğitim Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programıen_US
dc.departmentIşık University, School of Graduate Studies, Master’s Program in Computer Engineeringen_US
dc.departmentIşık Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Bilgisayar Mühendisliği Bölümüen_US
dc.departmentIşık University, Faculty of Engineering and Natural Sciences, Department of Computer Engineeringen_US
dc.description.abstractIn this paper, we propose a comprehensive and scalable framework for incident assignment and prioritization in Security Operations Centers (SOCs). The proposed model aims to optimize SOC workflows by addressing key operational challenges such as analyst fatigue, alert overload, and inconsistent incident handling. Our framework evaluates each incident using a multi-factor scoring model that incorporates incident severity, service-level agreement (SLA) urgency, incident type, asset criticality, threat intelligence indicators, frequency of repetition, and a correlation score derived from historical incident data. We formalize this evaluation through a set of mathematical functions that compute a dynamic incident score and derive incident complexity. In parallel, analyst profiles are quantified using the Analyst Load Factor (ALF) and the Experience Match Factor (EMF), two novel metrics that account for workload distribution and expertise alignment, respectively. The incident–analyst matching process is expressed as a constrained optimization problem, in which the final assignment score is computed by balancing incident priority against analyst suitability. This formulation enables automated, real-time assignment of incidents to the most appropriate analysts while ensuring both operational fairness and triage precision. The model is illustrated using algorithmic pseudocode, scoring tables, and a simplified case study that shows the real-world applicability and decision logic of the framework in large-scale SOC environments. To validate the framework under real-world conditions, an empirical case study was conducted using 10 attack scenarios from the CICIDS2017 benchmark dataset. Overall, our contributions lie in the formalization of a dual-factor analyst scoring scheme and the integration of contextual incident features into an adaptive, rule-based assignment framework.
To further strengthen operational value, future work will explore adaptive weighting mechanisms and integration with real-time SIEM pipelines. Additionally, feedback loops and supervised learning models will be incorporated to continuously refine incident–analyst matching and prioritization.en_US
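The scoring and matching scheme the abstract describes, as an added illustrative example in Python. This is not the paper's code: the 1-to-5 scales, the factor weights, the definitions used for ALF (fraction of capacity in use) and EMF (per-type proficiency), the multiplicative assignment score, and the greedy capacity-respecting assignment loop are all assumptions made for this example, since the paper's own functions, pseudocode and optimization formulation are not reproduced on this page. The sample queue and roster are constructed for illustration.

```python
# Illustrative multi-factor incident scoring and analyst matching.
# Every scale, weight and formula here is an assumption for this example;
# the paper's actual functions and optimization are not on this page.
from dataclasses import dataclass, field


@dataclass
class Incident:
    iid: str
    itype: str               # incident type, e.g. "phishing", "malware", "dos"
    severity: int            # assumed 1 (low) .. 5 (critical)
    sla_minutes_left: float  # minutes until SLA breach (<= 0 means breached)
    sla_window: float        # full SLA window for this incident class, minutes
    asset_criticality: int   # assumed 1 .. 5
    threat_intel_hit: bool   # matched a threat-intelligence indicator
    repeat_count: int        # recent recurrences of the same pattern
    correlation: float       # 0..1 similarity to historical incidents

@dataclass
class Analyst:
    name: str
    capacity: int                     # max concurrent incidents
    skills: dict                      # itype -> proficiency in 0..1
    assigned: list = field(default_factory=list)

# Assumed factor weights; they sum to 1 so the incident score stays in [0, 1].
WEIGHTS = {"severity": 0.25, "sla": 0.25, "asset": 0.15,
           "intel": 0.10, "repeat": 0.10, "corr": 0.15}

def sla_urgency(inc: Incident) -> float:
    """1.0 at or past SLA breach, 0.0 when the whole window remains."""
    if inc.sla_window <= 0:
        return 1.0
    remaining = max(0.0, min(inc.sla_minutes_left / inc.sla_window, 1.0))
    return 1.0 - remaining

def incident_score(inc: Incident) -> float:
    """Dynamic priority score in [0, 1] from the abstract's factors (assumed form)."""
    parts = {
        "severity": (inc.severity - 1) / 4,
        "sla": sla_urgency(inc),
        "asset": (inc.asset_criticality - 1) / 4,
        "intel": 1.0 if inc.threat_intel_hit else 0.0,
        "repeat": min(inc.repeat_count, 5) / 5,  # saturates after 5 repeats
        "corr": max(0.0, min(inc.correlation, 1.0)),
    }
    return round(sum(WEIGHTS[k] * v for k, v in parts.items()), 4)

def alf(an: Analyst) -> float:
    """Analyst Load Factor, assumed here as the fraction of capacity in use."""
    return len(an.assigned) / an.capacity

def emf(an: Analyst, inc: Incident) -> float:
    """Experience Match Factor, assumed here as proficiency for the incident type."""
    return an.skills.get(inc.itype, 0.0)

def assignment_score(inc: Incident, an: Analyst, w_exp=0.6, w_load=0.4) -> float:
    """Priority weighted by suitability: an idle expert scores highest."""
    suitability = w_exp * emf(an, inc) + w_load * (1.0 - alf(an))
    return round(incident_score(inc) * suitability, 4)

def assign(incidents, analysts):
    """Greedy, capacity-constrained matching: most urgent incident first, each to
    the free analyst with the best assignment score. Returns {incident id: analyst
    name}; None marks an incident left queued because everyone is at capacity."""
    result = {}
    for inc in sorted(incidents, key=incident_score, reverse=True):
        free = [a for a in analysts if len(a.assigned) < a.capacity]
        if not free:
            result[inc.iid] = None
            continue
        best = max(free, key=lambda a: assignment_score(inc, a))
        best.assigned.append(inc.iid)
        result[inc.iid] = best.name
    return result

def demo():
    """Constructed sample queue and roster (not data from the paper)."""
    incidents = [
        Incident("INC-1", "phishing", 3, 90, 120, 2, False, 1, 0.2),
        Incident("INC-2", "malware", 5, 10, 60, 5, True, 0, 0.8),
        Incident("INC-3", "dos", 4, 30, 60, 4, True, 3, 0.5),
        Incident("INC-4", "phishing", 2, 200, 240, 1, False, 0, 0.0),
    ]
    analysts = [
        Analyst("alice", 2, {"malware": 0.9, "phishing": 0.6}),
        Analyst("bob", 1, {"dos": 0.8, "malware": 0.5}),
    ]
    return assign(incidents, analysts)

if __name__ == "__main__":
    for iid, who in demo().items():
        print(f"{iid} -> {who}")
```

In the sample, the critical malware incident goes to the idle malware specialist, the DoS incident goes to the only DoS-skilled analyst even though she has lower general capacity, the low-priority phishing case fills the remaining slot, and the fourth incident stays queued as None. A greedy pass is used here only for illustration; the constrained optimization the abstract refers to is the paper's own formulation and is not shown on this page.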
dc.description.versionPublisher's Versionen_US
dc.identifier.citationKılınçdemir, E. C. & Çeliktas, B. (2025). Analyst-aware incident assignment in security operations centers: a multi-factor prioritization and optimization framework. Black Sea Journal of Engineering and Science, 8(4), 1160-1180. doi:10.34248/bsengineering.1693042en_US
dc.identifier.endpage1180
dc.identifier.issn2619-8991
dc.identifier.issue4
dc.identifier.startpage1160
dc.identifier.urihttps://hdl.handle.net/11729/6579
dc.identifier.urihttps://doi.org/10.34248/bsengineering.1693042
dc.identifier.volume8
dc.institutionauthorKılınçdemir, Eyüp Canen_US
dc.institutionauthorÇeliktaş, Barışen_US
dc.institutionauthorid0009-0005-1151-7480
dc.institutionauthorid0000-0003-2865-6370
dc.language.isoen
dc.peerreviewedYesen_US
dc.publicationstatusPublisheden_US
dc.publisherUğur Şenen_US
dc.relation.ispartofBlack Sea Journal of Engineering and Scienceen_US
dc.relation.publicationcategoryArticle - National Peer-Reviewed Journal - Studenten_US
dc.relation.publicationcategoryArticle - National Peer-Reviewed Journal - Institution Faculty Memberen_US
dc.rightsinfo:eu-repo/semantics/openAccess
dc.subjectIncident managementen_US
dc.subjectAnalyst assignmenten_US
dc.subjectSOC optimizationen_US
dc.subjectIncident prioritizationen_US
dc.subjectCorrelation scoreen_US
dc.subjectSLA urgencyen_US
dc.titleAnalyst-aware incident assignment in security operations centers: a multi-factor prioritization and optimization frameworken_US
dc.typeArticleen_US
dspace.entity.typePublicationen_US

Files

Original bundle
Name:
Analyst_aware_incident_assignment_in_security_operations_centers_a_multi_factor_prioritization_and_optimization_framework.pdf
Size:
1.04 MB
Format:
Adobe Portable Document Format

License bundle
Name:
license.txt
Size:
1.17 KB
Format:
Item-specific license agreed upon to submission