{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T04:36:26Z","timestamp":1777523786326,"version":"3.51.4"},"reference-count":44,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:00:00Z","timestamp":1762905600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:00:00Z","timestamp":1762905600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,12]]},"DOI":"10.1109\/icdmw69685.2025.00141","type":"proceedings-article","created":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T19:50:39Z","timestamp":1773172239000},"page":"1190-1199","source":"Crossref","is-referenced-by-count":3,"title":["AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation"],"prefix":"10.1109","author":[{"given":"Zefang","family":"Liu","sequence":"first","affiliation":[{"name":"*Capital One,San Jose,USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arman","family":"Anwar","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology,Atlanta,USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.21236\/ada358945"},{"key":"ref2","author":"Mandia","year":"2001","journal-title":"Incident response: investigating computer crime"},{"key":"ref3","volume-title":"Computer forensics: incident response essentials","author":"Kruse","year":"2001"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.04.001"},{"key":"ref5","volume-title":"Incident response & computer forensics","author":"Luttgens","year":"2014"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3744746"},{"key":"ref7","article-title":"Large language model based multi-agents: A survey of progress and challenges","author":"Guo","year":"2024","journal-title":"arXiv preprint"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.eml.2024.102131"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714877"},{"key":"ref10","article-title":"Econwebarena: Benchmarking autonomous agents on economic tasks in realistic web environments","author":"Liu","year":"2025","journal-title":"arXiv preprint"},{"key":"ref11","article-title":"Invagent: A large language model based multiagent system for inventory management in supply chains","author":"Quan","year":"2024","journal-title":"arXiv preprint"},{"key":"ref12","article-title":"Crmagent: A multi-agent 11 m system for e-commerce crm message template generation","author":"Quan","year":"2025","journal-title":"arXiv preprint"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS60797.2024.10527236"},{"key":"ref14","article-title":"Secqa: A concise question-answering dataset for evaluating large language models in computer security","author":"Liu","year":"2023","journal-title":"arXiv preprint"},{"key":"ref15","author":"Liu","year":"2024","journal-title":"Cyberbench: A multi-task benchmark for evaluating large language models in cybersecurity"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/CSR61664.2024.10679494"},{"key":"ref17","article-title":"Large language models in cybersecurity: State-of-the-art","author":"Motlagh","year":"2024","journal-title":"arXiv preprint"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3769676"},{"key":"ref19","article-title":"Employing llms for incident response planning and review","author":"Hays","year":"2024","journal-title":"arXiv preprint"},{"issue":"CEUR-WS","key":"ref20","first-page":"135","article-title":"Dawn of 11 m 4 cyber: Current solutions, challenges, and new perspectives in harnessing 11 ms for cybersecurity","volume-title":"CEUR WORKSHOP PROCEEDINGS","volume":"3762","author":"Caviglione","year":"2024"},{"key":"ref21","volume-title":"Backdoors & breaches: An incident response card game","year":"2020"},{"key":"ref22","first-page":"4901","article-title":"Backdoors & breaches: Using a tabletop exercise game to teach cybersecurity incident response","volume-title":"Proceedings of the EDSIG Conference","volume":"2473","author":"Young","year":"2021"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-94924-1_9"},{"key":"ref24","article-title":"Multi-agent collaboration in incident response with large language models","author":"Liu","year":"2024","journal-title":"arXiv preprint"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS65363.2025.11012055"},{"key":"ref26","first-page":"9459","article-title":"Retrievalaugmented generation for knowledge-intensive nlp tasks","volume":"33","author":"Lewis","year":"2020","journal-title":"Advances in neural information processing systems"},{"key":"ref27","article-title":"Retrieval-augmented generation for large language models: A survey","author":"Gao","year":"2023","journal-title":"arXiv preprint"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.3390\/computers14020067"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2025.108186"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3672608.3707898"},{"key":"ref31","author":"Kurniawan","year":"2024","journal-title":"Cykg-rag: Towards knowledge-graph enhanced retrieval augmented generation for cybersecurity"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.2172\/2474934"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-82362-6_15"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/bigdata66926.2025.11401740"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom63139.2024.00098"},{"key":"ref36","article-title":"Autogen: Enabling next-gen llm applications via multi-agent conversation framework","author":"Wu","year":"2023","journal-title":"arXiv preprint"},{"key":"ref37","article-title":"Gpt-4 technical report","author":"Achiam","year":"2023","journal-title":"arXiv preprint"},{"key":"ref38","year":"2023","journal-title":"Langchain: Framework for developing context-aware language model applications"},{"key":"ref39","year":"2023","journal-title":"Chroma: Open-source embedding database and vector search for ai applications"},{"key":"ref40","year":"2024","journal-title":"New embedding models and api updates"},{"key":"ref41","year":"2025","journal-title":"Major cyber attacks, ransomware attacks and data breaches of june 2025"},{"key":"ref42","author":"Greig","year":"2025","journal-title":"Nearly 3,000 north face website customer accounts breached as retail incidents continue"},{"key":"ref43","author":"Toulas","year":"2025","journal-title":"Hacker steals 1 million cock.li user records in webmail data breach"},{"key":"ref44","author":"Abrams","year":"2025","journal-title":"Malware found in npm packages with 1 million weekly downloads"}],"event":{"name":"2025 IEEE International Conference on Data Mining Workshops (ICDMW)","location":"Washington, DC, USA","start":{"date-parts":[[2025,11,12]]},"end":{"date-parts":[[2025,11,15]]}},"container-title":["2025 IEEE International Conference on Data Mining Workshops (ICDMW)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11415623\/11415713\/11415893.pdf?arnumber=11415893","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T05:18:33Z","timestamp":1773206313000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11415893\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,12]]},"references-count":44,"URL":"https:\/\/doi.org\/10.1109\/icdmw69685.2025.00141","relation":{},"subject":[],"published":{"date-parts":[[2025,11,12]]}}}