Alert Fatigue in Security Operations Centres: Research Challenges and Opportunities
Shahroz Tariq, Mohan Baruwal Chhetri, Surya Nepal, Cecile Paris
ACM Computing Surveys, volume 68, issue 1. Journal article, published 2025-03-12. DOI: 10.1145/3723158 (https://doi.org/10.1145/3723158). Not open access.
Journal ranking: JCR Q1, Computer Science, Theory & Methods (Region 1, Computer Science). Record source: Semantic Scholar.
Citation count: 0
Abstract
A security operations centre (SOC) is a facility where teams of security professionals, supported by advanced technologies and processes, work together to monitor, detect, and respond to cybersecurity incidents. With advances in AI technology, most SOC functions are increasingly becoming AI-driven. Among these, real-time alert monitoring and triage is particularly important. Recent studies, by both industry and academia, have highlighted the problem of alert fatigue and burnout in SOCs. Several solutions have been proposed in the literature and by the industry to address this problem. In this paper, we review the existing literature and industry solutions on alert fatigue mitigation through the lenses of automation, augmentation, and human-AI collaboration. Based on the review, we identify four major causes of alert fatigue in SOCs. We also examine the shortcomings of existing solutions and propose several potential research directions leveraging AI. By providing a comprehensive analysis of the state-of-the-art approaches and their limitations, this study contributes to the existing literature in an important field of study. We anticipate that it will inspire new research directions for addressing alert fatigue not just in SOCs but across other Command and Control (C2) domains as well.
Journal description:
ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods.
ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.