{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T22:45:20Z","timestamp":1776897920845,"version":"3.51.2"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032195395","type":"print"},{"value":"9783032195401","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-19540-1_2","type":"book-chapter","created":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T22:23:41Z","timestamp":1776896621000},"page":"20-35","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Reducing SOC Analysts Alert Fatigue via Real-Time CTI Correlation and Deduplication"],"prefix":"10.1007","author":[{"given":"Sotiris","family":"Koumourou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1273-8910","authenticated-orcid":false,"given":"Adamantini","family":"Peratikou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4040-4942","authenticated-orcid":false,"given":"Eliana","family":"Stavrou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Savvas","family":"Theodoulou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3189-9421","authenticated-orcid":false,"given":"Stavros","family":"Stavrou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"2_CR1","doi-asserted-by":"publisher","unstructured":"Tellache, A., Korba, A.A., Mokhtari, A., Moldovan, H., Ghamri-Doudane, Y.: Advancing autonomous incident response: leveraging LLMs and cyber threat intelligence.  https:\/\/doi.org\/10.48550\/arXiv.2508.10677 (2025)","DOI":"10.48550\/arXiv.2508.10677"},{"issue":"3","key":"2_CR2","doi-asserted-by":"publisher","first-page":"1748","DOI":"10.1109\/COMST.2023.3273282","volume":"25","author":"N Sun","year":"2023","unstructured":"Sun, N., et al.: Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives. IEEE Commun. Surv. Tutor. 25(3), 1748 (2023). https:\/\/doi.org\/10.1109\/COMST.2023.3273282","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"2_CR3","doi-asserted-by":"publisher","unstructured":"Gelman, B., Taoufiq, S., V\u00f6r\u00f6s, T., Berlin, K.: That escalated quickly: an ML framework for alert prioritization.  https:\/\/doi.org\/10.48550\/arXiv.2302.06648 (2023)","DOI":"10.48550\/arXiv.2302.06648"},{"key":"2_CR4","doi-asserted-by":"publisher","unstructured":"Maosa, H., Ouazzane, K., Ghanem, M.C.: A hierarchical security events correlation model for real-time threat detection and response. Res. Sq. (2023). https:\/\/doi.org\/10.21203\/rs.3.rs-3698487\/v1","DOI":"10.21203\/rs.3.rs-3698487\/v1"},{"key":"2_CR5","doi-asserted-by":"publisher","DOI":"10.1145\/3723158","author":"S Tariq","year":"2025","unstructured":"Tariq, S., Chhetri, M.B., Nepal, S., Paris, C.: Alert fatigue in security operations centres: research challenges and opportunities. ACM Comput. Surv. (2025). https:\/\/doi.org\/10.1145\/3723158","journal-title":"ACM Comput. Surv."},{"key":"2_CR6","doi-asserted-by":"publisher","unstructured":"Rafiey, P., Namadchian, A.: Using LLMs as AI agents to identify false positive alerts in a security operation center. Res. Sq. (2024). https:\/\/doi.org\/10.21203\/rs.3.rs-5420741\/v1","DOI":"10.21203\/rs.3.rs-5420741\/v1"},{"key":"2_CR7","doi-asserted-by":"publisher","unstructured":"Tseng, P., Yeh, Z., Dai, X., Liu, P.: Using LLMs to automate threat intelligence analysis workflows in security operation centers.  https:\/\/doi.org\/10.48550\/arXiv.2407.13093 (2024)","DOI":"10.48550\/arXiv.2407.13093"},{"key":"2_CR8","doi-asserted-by":"publisher","DOI":"10.1145\/3695462","author":"F Jalalvand","year":"2024","unstructured":"Jalalvand, F., Chhetri, M.B., Nepal, S., Paris, C.: Alert prioritisation in security operations centres: a systematic survey on criteria and methods. ACM Comput. Surv. (2024). https:\/\/doi.org\/10.1145\/3695462","journal-title":"ACM Comput. Surv."},{"key":"2_CR9","doi-asserted-by":"publisher","unstructured":"Jalalvand, F., Chhetri, M.B., Nepal, S., Paris, C.: Adaptive alert prioritisation in Security Operations Centres via learning to defer with human feedback.  https:\/\/doi.org\/10.48550\/arXiv.2506.18462 (2025)","DOI":"10.48550\/arXiv.2506.18462"},{"issue":"5","key":"2_CR10","doi-asserted-by":"publisher","first-page":"365","DOI":"10.3390\/info16050365","volume":"16","author":"I Ismail","year":"2025","unstructured":"Ismail, I., et al.: Toward robust SOAR in SOCs with hyper-automation using agentic AI. Information 16(5), 365 (2025). https:\/\/doi.org\/10.3390\/info16050365","journal-title":"Information"},{"issue":"1","key":"2_CR11","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/TPDS.2019.2927977","volume":"31","author":"A Shah","year":"2019","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Samarati, P., \u00c7am, H.: Adaptive alert management for balancing optimal performance among distributed CSOCs using reinforcement learning. IEEE Trans. Parallel Distrib. Syst. 31(1), 16 (2019). https:\/\/doi.org\/10.1109\/TPDS.2019.2927977","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Freitas, S., Gharib, A.: GraphWeaver: billion-scale cybersecurity incident correlation.  https:\/\/doi.org\/10.48550\/arXiv.2406.01842 (2024)","DOI":"10.48550\/arXiv.2406.01842"},{"issue":"2","key":"2_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3644393","volume":"5","author":"J Ghadermazi","year":"2024","unstructured":"Ghadermazi, J., Shah, A., Jajodia, S.: A machine learning and optimization framework for efficient alert management in a cybersecurity operations center. Digit. Threats Res. Pract. 5(2), 1 (2024). https:\/\/doi.org\/10.1145\/3644393","journal-title":"Digit. Threats Res. Pract."},{"key":"2_CR14","doi-asserted-by":"publisher","unstructured":"Kearney, P., Abdelsamea, M.M., Schmoor, X., Shah, F., Vickers, I.: Combating alert fatigue in the security operations centre. SSRN (2023). https:\/\/doi.org\/10.2139\/ssrn.4633965","DOI":"10.2139\/ssrn.4633965"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Louca, A., Peratikou, A., Stavrou, S.: 802.11 man-in-the-middle attack using channel switch announcement (2021)","DOI":"10.1007\/978-3-030-64758-2_5"},{"key":"2_CR16","unstructured":"Peratikou, A., Stavrou, S.: On corporate resilience in the face of data breaches and the preventative power of awareness training (2025)"},{"key":"2_CR17","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-04-2025-0163","author":"A Charalambous","year":"2025","unstructured":"Charalambous, A., Piki, A., Stavrou, E.: Redesigning cybersecurity awareness-raising and training programs: insights from professionals on knowledge, skills and educational practices. Inf. Comput. Secur. (2025). https:\/\/doi.org\/10.1108\/ICS-04-2025-0163","journal-title":"Inf. Comput. Secur."},{"issue":"11","key":"2_CR18","doi-asserted-by":"publisher","first-page":"3458","DOI":"10.3390\/s24113458","volume":"24","author":"G Potamos","year":"2024","unstructured":"Potamos, G., Stavrou, E., Stavrou, S.: Enhancing maritime cybersecurity through operational technology sensor data fusion: a comprehensive survey and analysis. Sensors 24(11), 3458 (2024)","journal-title":"Sensors"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Floros, E., et al.: Towards the design of cyber range training programs for enhanced preparedness: Investigating the training needs in critical infrastructures. In: 2025 IEEE Global Engineering Education Conference (EDUCON), pp. 1\u201310 (2025)","DOI":"10.1109\/EDUCON62633.2025.11016646"},{"key":"2_CR20","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.future.2022.04.028","volume":"135","author":"M Guarascio","year":"2022","unstructured":"Guarascio, M., Cassavia, N., Pisani, F.S., Manco, G.: Boosting cyber-threat intelligence via collaborative intrusion detection. Future Gener. Comput. Syst. 135, 30 (2022). https:\/\/doi.org\/10.1016\/j.future.2022.04.028","journal-title":"Future Gener. Comput. Syst."},{"issue":"4","key":"2_CR21","doi-asserted-by":"publisher","first-page":"1494","DOI":"10.3390\/s22041494","volume":"22","author":"H Albasheer","year":"2022","unstructured":"Albasheer, H., et al.: Cyber-attack prediction based on NIDS for alert correlation techniques: a survey. Sensors 22(4), 1494 (2022). https:\/\/doi.org\/10.3390\/s22041494","journal-title":"Sensors"},{"key":"2_CR22","doi-asserted-by":"publisher","unstructured":"Alturkistani, H., Chuprat, S.: Artificial intelligence and large language models in advancing cyber threat intelligence: a systematic literature review. Res. Sq. (2024). https:\/\/doi.org\/10.21203\/rs.3.rs-5423193\/v1","DOI":"10.21203\/rs.3.rs-5423193\/v1"},{"key":"2_CR23","doi-asserted-by":"publisher","unstructured":"Alevizos, L., Dekker, M.: Towards an AI-enhanced cyber threat intelligence processing pipeline. Electronics 13(11) (2024). https:\/\/doi.org\/10.3390\/electronics13112021","DOI":"10.3390\/electronics13112021"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Peratikou, A., Charalambous, E., Smyrli, P., Stavrou, S.: ATHENA: a federated architecture for cross-border cybersecurity operations and situational awareness (2025)","DOI":"10.1109\/CSR64739.2025.11129994"},{"key":"2_CR25","doi-asserted-by":"publisher","unstructured":"Nguyen, H., Tariq, S., Chhetri, M.B., Vo, Q.B.: Towards effective identification of attack techniques in CTI reports using large language models (2025). https:\/\/doi.org\/10.1145\/3701716.3715469","DOI":"10.1145\/3701716.3715469"},{"key":"2_CR26","doi-asserted-by":"publisher","unstructured":"Fieblinger, R., Alam, T., Rastogi, N.: Actionable cyber threat intelligence using knowledge graphs and large language models. In: 2024 IEEE EuroS&P Workshops, p. 100 (2024). https:\/\/doi.org\/10.1109\/EuroSPW61312.2024.00018","DOI":"10.1109\/EuroSPW61312.2024.00018"},{"key":"2_CR27","doi-asserted-by":"publisher","unstructured":"Mavroeidis, V., Bromander, S.: Cyber threat intelligence model: evaluation of taxonomies, sharing standards, and ontologies within CTI. In: Proceedings of the EISIC, p. 91 (2017). https:\/\/doi.org\/10.1109\/EISIC.2017.20","DOI":"10.1109\/EISIC.2017.20"},{"key":"2_CR28","doi-asserted-by":"publisher","unstructured":"Ovabor, K., Sule-Odu, I.O., Atkison, T., Fabusoro, A.T., Benedict, J.O.: AI-driven threat intelligence for real-time cybersecurity: frameworks, tools, and future directions. Open Access Res. J. Sci. Technol. 12(2), 40 (2024). https:\/\/doi.org\/10.53022\/oarjst.2024.12.2.0135","DOI":"10.53022\/oarjst.2024.12.2.0135"},{"issue":"1","key":"2_CR29","doi-asserted-by":"publisher","first-page":"140","DOI":"10.3390\/jcp1010008","volume":"1","author":"D Preuveneers","year":"2021","unstructured":"Preuveneers, D., Joosen, W.: Sharing machine learning models as indicators of compromise for cyber threat intelligence. J. Cybersecur. Priv. 1(1), 140 (2021). https:\/\/doi.org\/10.3390\/jcp1010008","journal-title":"J. Cybersecur. Priv."},{"issue":"12","key":"2_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3571726","volume":"55","author":"MR Rahman","year":"2022","unstructured":"Rahman, M.R., Mahdavi-Hezaveh, R., Williams, L.: What are the attackers doing now? Automating CTI extraction from text on pace with the changing threat landscape: a survey. ACM Comput. Surv. 55(12), 1 (2022). https:\/\/doi.org\/10.1145\/3571726","journal-title":"ACM Comput. Surv."},{"issue":"16","key":"2_CR31","doi-asserted-by":"publisher","first-page":"7273","DOI":"10.3390\/s23167273","volume":"23","author":"S Saeed","year":"2023","unstructured":"Saeed, S., Suayyid, S.A., Al-Ghamdi, M.S., Almuhaisen, H.A., Almuhaideb, A.M.: A systematic literature review on cyber threat intelligence for organizational cybersecurity resilience. Sensors 23(16), 7273 (2023). https:\/\/doi.org\/10.3390\/s23167273","journal-title":"Sensors"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-19540-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T22:23:43Z","timestamp":1776896623000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-19540-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032195395","9783032195401"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-19540-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"J\u00f6nk\u00f6ping","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/jth-critis.hj.se\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}