{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T15:10:33Z","timestamp":1775056233923,"version":"3.50.1"},"reference-count":75,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2024,7,3]],"date-time":"2024-07-03T00:00:00Z","timestamp":1719964800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>The volume and complexity of alerts that security operation center (SOC) analysts must manage necessitate automation. Increased automation in SOCs amplifies the risk of automation bias and complacency whereby security analysts become over-reliant on automation, failing to seek confirmatory or contradictory information. To identify automation characteristics that assist in the mitigation of automation bias and complacency, we investigated the current and proposed application areas of automation in SOCs and discussed its implications for security analysts. A scoping review of 599 articles from four databases was conducted. The final 48 articles were reviewed by two researchers for quality control and were imported into NVivo14. Thematic analysis was performed, and the use of automation throughout the incident response lifecycle was recognized, predominantly in the detection and response phases. Artificial intelligence and machine learning solutions are increasingly prominent in SOCs, yet support for the human-in-the-loop component is evident. The research culminates by contributing the SOC Automation Implementation Guidelines (SAIG), comprising functional and non-functional requirements for SOC automation tools that, if implemented, permit a mutually beneficial relationship between security analysts and intelligent machines. This is of practical value to human automation researchers and SOCs striving to optimize processes. Theoretically, a continued understanding of automation bias and its components is achieved.<\/jats:p>","DOI":"10.3390\/computers13070165","type":"journal-article","created":{"date-parts":[[2024,7,3]],"date-time":"2024-07-03T09:23:59Z","timestamp":1719998639000},"page":"165","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Automation Bias and Complacency in Security Operation Centers"],"prefix":"10.3390","volume":"13","author":[{"given":"Jack","family":"Tilbury","sequence":"first","affiliation":[{"name":"School of Cyber Studies, The University of Tulsa, Tulsa, OK 74104, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4591-3802","authenticated-orcid":false,"given":"Stephen","family":"Flowerday","sequence":"additional","affiliation":[{"name":"School of Cyber Studies, The University of Tulsa, Tulsa, OK 74104, USA"}]}],"member":"1968","published-online":{"date-parts":[[2024,7,3]]},"reference":[{"key":"ref_1","unstructured":"Basyurt, A.S., Fromm, J., Kuehn, P., Kaufhold, M.-A., and Mirbabaie, M. (2022, January 21\u201323). Help Wanted\u2014Challenges in Data Collection, Analysis and Communication of Cyber Threats in Security Operation Centers. Proceedings of the 17th International Conference on Wirtschaftsinformatik, WI, Nuremberg, Germany. Available online: https:\/\/www.scopus.com\/inward\/record.uri?eid=2-s2.0-85171997510&partnerID=40&md5=30a02b455898c7c2c9d2421d82606470."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"103201","DOI":"10.1016\/j.cose.2023.103201","article-title":"Testing SOAR Tools in Use","volume":"129","author":"Bridges","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Dietrich, C., Krombholz, K., Borgolte, K., and Fiebig, T. (2018, January 15\u201319). Investigating System Operators\u2019 Perspective on Security Misconfigurations. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243794"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Hughes, K., McLaughlin, K., and Sezer, S. (2020, January 11\u201312). Dynamic Countermeasure Knowledge for Intrusion Response Systems. Proceedings of the 2020 31st Irish Signals and Systems Conference, ISSC, Letterkenny, Ireland.","DOI":"10.1109\/ISSC49989.2020.9180198"},{"key":"ref_5","unstructured":"(2023). Vectra AI 2023 State of Threat Detection\u2014The Defenders\u2019 Dilemma, Vectra AI. Available online: https:\/\/www.vectra.ai\/resources\/2023-state-of-threat-detection."},{"key":"ref_6","unstructured":"Alahmadi, B.A., Axon, L., and Martinovic, I. (2022). 99% False Positives: A Qualitative Study of SOC Analysts\u2019 Perspectives on Security Alarms. Proceedings of the 31st Usenix Security Symposium, Boston, MA, USA, 10\u201312 August 2022, Usenix\u2014The Advanced Computing Systems Association."},{"key":"ref_7","unstructured":"(2021). Devo 2021 Devo SOC Performance Report 2021, Ponemon Institute. Available online: https:\/\/www.devo.com\/blog\/2021-devo-soc-performance-report-soc-leaders-and-staff-are-not-aligned\/."},{"key":"ref_8","unstructured":"Tines (2022). Voice of the SOC Analyst. Tines. Available online: https:\/\/www.tines.com\/reports\/voice-of-the-soc-analyst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1518\/hfes.46.1.50.30392","article-title":"Trust in Automation: Designing for Appropriate Reliance","volume":"46","author":"Lee","year":"2004","journal-title":"Hum. Factors"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1207\/s15327108ijap0801_3","article-title":"Automation Bias: Decision Making and Performance in High-Tech Cockpits","volume":"8","author":"Mosier","year":"1998","journal-title":"Int. J. Aviat. Psychol."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1177\/0018720810376055","article-title":"Complacency and Bias in Human Use of Automation: An Attentional Integration","volume":"52","author":"Parasuraman","year":"2010","journal-title":"Hum. Factors"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"991","DOI":"10.1006\/ijhc.1999.0252","article-title":"Does Automation Bias Decision-Making?","volume":"51","author":"Skitka","year":"1999","journal-title":"Int. J. Hum.-Comput. Stud."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1109\/3468.844354","article-title":"A Model for Types and Levels of Human Interaction with Automation","volume":"30","author":"Parasuraman","year":"2000","journal-title":"IEEE Trans. Syst. Man Cybern. A"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"102020","DOI":"10.1016\/j.cose.2020.102020","article-title":"When believing in technology leads to poor cyber security: Development of a trust in technical controls scale","volume":"98","author":"Butavicius","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"27881","DOI":"10.1109\/ACCESS.2022.3157738","article-title":"Integrated Network and Security Operation Center: A Systematic Analysis","volume":"10","author":"Shahjee","year":"2022","journal-title":"IEEE Access"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"227756","DOI":"10.1109\/ACCESS.2020.3045514","article-title":"Security Operations Center: A Systematic Study and Open Challenges","volume":"8","author":"Vielberth","year":"2020","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"2119","DOI":"10.11124\/JBIES-20-00167","article-title":"Updated Methodological Guidance for the Conduct of Scoping Reviews","volume":"18","author":"Peters","year":"2020","journal-title":"JBI Evid. Synth."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"953","DOI":"10.11124\/JBIES-21-00242","article-title":"Best Practice Guidance and Reporting Items for the Development of Scoping Review Protocols","volume":"20","author":"Peters","year":"2022","journal-title":"JBI Evid. Synth."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1080\/1364557032000119616","article-title":"Scoping Studies: Towards a Methodological Framework","volume":"8","author":"Arksey","year":"2005","journal-title":"Int. J. Soc. Res. Methodol."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"533","DOI":"10.1002\/jrsm.1563","article-title":"Citationchaser: A Tool for Transparent and Efficient Forward and Backward Citation Chasing in Systematic Searching","volume":"13","author":"Haddaway","year":"2022","journal-title":"Res. Synth. Methods"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using Thematic Analysis in Psychology","volume":"3","author":"Braun","year":"2006","journal-title":"Qual. Res. Psychol."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3491260","article-title":"Building Machine Learning-Based Threat Hunting System from Scratch","volume":"3","author":"Chen","year":"2022","journal-title":"Digit. Threat."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Oprea, A., Li, Z., Norris, R., and Bowers, K. (2018). MADE: Security Analytics for Enterprise Threat Detection. ACSAC \u201918: Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, 3\u20137 December 2018, Association for Computing Machinery.","DOI":"10.1145\/3274694.3274710"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Yen, T.-F., Oprea, A., Onarlioglu, K., Leetham, T., Robertson, W., Juels, A., and Kirda, E. (2013). Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks. ACSAC \u201913: Proceedings of the 29th Annual Computer Security Applications Conference, New Orleans, LA, USA, 9\u201313 December 2013, Association for Computing Machinery.","DOI":"10.1145\/2523649.2523670"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1145\/3474718.3474723","article-title":"Combat Security Alert Fatigue with AI-Assisted Techniques","volume":"Volume 21","author":"Ban","year":"2021","journal-title":"Proceedings of the CSET \u201921: Proceedings of the 14th Cyber Security Experimentation and Test Workshop, Virtual, 9 August 2021"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"20216","DOI":"10.1109\/ACCESS.2023.3248652","article-title":"Toward a Superintelligent Action Recommender for Network Operation Centers Using Reinforcement Learning","volume":"11","author":"Altamimi","year":"2023","journal-title":"IEEE Access"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Guo, S., Li, D., Chen, Z., Jee, K., Li, Z., and Bates, A. (2019, January 24\u201327). NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. Proceedings of the Proceedings 2019 Network and Distributed System Security Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kurogome, Y., Otsuki, Y., Kawakoya, Y., Iwamura, M., Hayashi, S., Mori, T., and Sen, K. (2019). EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection. Proceedings of ACSAC \u201919: Proceedings of the 35th Annual Computer Security Applications Conference, San Juan, PR, USA, 9\u201313 December 2019, Association for Computing Machinery.","DOI":"10.1145\/3359789.3359808"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Ndichu, S., Ban, T., Takahashi, T., and Inoue, D. (2021, January 15\u201318). A Machine Learning Approach to Detection of Critical Alerts from Imbalanced Multi-Appliance Threat Alert Logs. Proceedings of the 2021 IEEE International Conference on Big Data (Big Data), Orlando, FL, USA.","DOI":"10.1109\/BigData52589.2021.9671956"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3512768","article-title":"APIRO: A Framework for Automated Security Tools API Recommendation","volume":"32","author":"Sworna","year":"2023","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"603","DOI":"10.1109\/JSYST.2018.2828832","article-title":"Learning From Experts\u2019 Experience: Toward Automated Cyber Security Data Triage","volume":"13","author":"Zhong","year":"2019","journal-title":"IEEE Syst. J."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Gonz\u00e1lez-Granadillo, G., Gonz\u00e1lez-Zarzosa, S., and Diaz, R. (2021). Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21.","DOI":"10.3390\/s21144759"},{"key":"ref_33","unstructured":"Akinrolabu, O., Agrafiotis, I., and Erola, A. (, January 27\u201330). The Challenge of Detecting Sophisticated Attacks: Insights from SOC Analysts. Proceedings of the Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"van Ede, T., Aghakhani, H., Spahn, N., Bortolameotti, R., Cova, M., Continella, A., Steen, M.v., Peter, A., Kruegel, C., and Vigna, G. (2022, January 23\u201325). DEEPCASE: Semi-Supervised Contextual Analysis of Security Events. Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833671"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3582077","article-title":"Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human Involvement","volume":"55","author":"Chung","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"204","DOI":"10.1109\/TVCG.2018.2865029","article-title":"Situ: Identifying and Explaining Suspicious Behavior in Networks","volume":"25","author":"Goodall","year":"2019","journal-title":"IEEE Trans. Vis. Comput. Graph."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Strickson, B., Worsley, C., and Bertram, S. (June, January 30). Human-Centered Assessment of Automated Tools for Improved Cyber Situational Awareness. Proceedings of the 2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon), Tallinn, Estonia.","DOI":"10.23919\/CyCon58705.2023.10181567"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"19089","DOI":"10.1109\/ACCESS.2020.2966760","article-title":"From Logs to Stories: Human-Centred Data Mining for Cyber Threat Intelligence","volume":"8","author":"Afzaliseresht","year":"2020","journal-title":"IEEE Access"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"107451","DOI":"10.1016\/j.chb.2022.107451","article-title":"Adapt and Overcome: Perceptions of Adaptive Autonomous Agents for Human-AI Teaming","volume":"138","author":"Hauptman","year":"2023","journal-title":"Comput. Hum. Behav."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"34352","DOI":"10.1109\/ACCESS.2022.3161636","article-title":"DomainPrio: Prioritizing Domain Name Investigations to Improve SOC Efficiency","volume":"10","author":"Chiba","year":"2022","journal-title":"IEEE Access"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Gupta, N., Traore, I., and de Quinan, P.M.F. (2019, January 9\u201312). Automated Event Prioritization for Security Operation Center using Deep Learning. Proceedings of the 2019 IEEE International Conference on Big Data (Big Data), Los Angeles, CA, USA.","DOI":"10.1109\/BigData47090.2019.9006073"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"103370","DOI":"10.1016\/j.jnca.2022.103370","article-title":"SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data","volume":"202","author":"Islam","year":"2022","journal-title":"J. Network Comput. Appl."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Renners, L., Heine, F., Kleiner, C., and Rodosek, G.D. (2019, January 3\u20134). Adaptive and Intelligible Prioritization for Network Security Incidents. Proceedings of the 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Oxford, UK.","DOI":"10.1109\/CyberSecPODS.2019.8885208"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Demertzis, K., Tziritas, N., Kikiras, P., Sanchez, S.L., and Iliadis, L. (2019). The next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks. Big Data Cogn. Comput., 3.","DOI":"10.3390\/bdcc3010006"},{"key":"ref_45","first-page":"102352","article-title":"Cognitive Security: A Comprehensive Study of Cognitive Science in Cybersecurity","volume":"48","author":"Andrade","year":"2019","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Chamberlain, L.B., Davis, L.E., Stanley, M., and Gattoni, B.R. (2020, January 18\u201320). Automated Decision Systems for Cybersecurity and Infrastructure Security. Proceedings of the 2020 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.","DOI":"10.1109\/SPW50608.2020.00048"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"102609","DOI":"10.1016\/j.cose.2022.102609","article-title":"CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling","volume":"115","author":"Sadlek","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"103394","DOI":"10.1016\/j.im.2020.103394","article-title":"Trust Calibration of Automated Security IT Artifacts: A Multi-Domain Study of Phishing-Website Detection Tools","volume":"58","author":"Chen","year":"2021","journal-title":"Inf. Manag."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Erola, A., Agrafiotis, I., Happa, J., Goldsmith, M., Creese, S., and Legg, P.A. (2017, January 19\u201320). RicherPicture: Semi-Automated Cyber Defence Using Context-Aware Data Analytics. Proceedings of the 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), London, UK.","DOI":"10.1109\/CyberSA.2017.8073399"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3450973","article-title":"Assessing a Decision Support Tool for SOC Analysts","volume":"2","author":"Happa","year":"2021","journal-title":"Digit. Threat. Res. Pract."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"102334","DOI":"10.1016\/j.ijinfomgt.2021.102334","article-title":"Real-Time Analytics, Incident Response Process Agility and Enterprise Cybersecurity Performance: A Contingent Resource-Based Analysis","volume":"59","author":"Naseer","year":"2021","journal-title":"Int. J. Inf. Manag."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"102535","DOI":"10.1016\/j.cose.2021.102535","article-title":"Developing Decision Support for Cybersecurity Threat and Incident Managers","volume":"113","author":"Schraagen","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Amthor, P., Fischer, D., K\u00fchnhauser, W.E., and Stelzer, D. (2019). Automated Cyber Threat Sensing and Responding: Integrating Threat Intelligence into Security-Policy-Controlled Systems. Proceedings of the ARES \u201919: Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK, 26\u201329 August 2019, Association for Computing Machinery.","DOI":"10.1145\/3339252.3340509"},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"527","DOI":"10.32604\/iasc.2021.016240","article-title":"Ai\/Ml in Security Orchestration, Automation and Response: Future Research Directions","volume":"28","author":"Kinyua","year":"2021","journal-title":"Intell. Autom. Soft Comp."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"112392","DOI":"10.1109\/ACCESS.2022.3216617","article-title":"Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities","volume":"10","author":"Neupane","year":"2022","journal-title":"IEEE Access"},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1109\/THMS.2021.3051137","article-title":"Automation Error Type and Methods of Communicating Automation Reliability Affect Trust and Performance: An Empirical Study in the Cyber Domain","volume":"51","author":"Chen","year":"2021","journal-title":"IEEE Trans. Hum.-Mach. Syst."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"452","DOI":"10.1007\/978-3-030-22351-9_31","article-title":"Trust in Automated Software Repair: The Effects of Repair Source, Transparency, and Programmer Experience on Perceived Trustworthiness and Trust","volume":"Volume 11594","author":"Moallem","year":"2019","journal-title":"Proceedings of the HCI for Cybersecurity, Privacy and Trust"},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Hus\u00e1k, M., and \u010cerm\u00e1k, M. (2022). SoK: Applications and Challenges of Using Recommender Systems in Cybersecurity Incident Handling and Response. ARES \u201922: Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna Austria, 23\u201326 August 2022, Association for Computing Machinery.","DOI":"10.1145\/3538969.3538981"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Gutzwiller, R.S., Fugate, S., Sawyer, B.D., and Hancock, P.A. (2015, January 26\u201330). The Human Factors of Cyber Network Defense. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Los Angeles, CA, USA.","DOI":"10.1177\/1541931215591067"},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Kokulu, F.B., Soneji, A., Bao, T., Shoshitaishvili, Y., Zhao, Z., Doup\u00e9, A., and Ahn, G.-J. (2019). Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues. Proceedings of the CCS \u201919: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11\u201315 November 2019, Association for Computing Machinery.","DOI":"10.1145\/3319535.3354239"},{"key":"ref_61","unstructured":"Brown, P., Christensen, K., and Schuster, D. (2016, January 19\u201323). An Investigation of Trust in a Cyber Security Tool. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Washington, DC, USA."},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"102937","DOI":"10.1016\/j.cose.2022.102937","article-title":"Why People Keep Falling for Phishing Scams: The Effects of Time Pressure and Deception Cues on the Detection of Phishing Emails","volume":"123","author":"Butavicius","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_63","first-page":"353","article-title":"Self-Aware Effective Identification and Response to Viral Cyber Threats","volume":"Volume 2021","author":"Jancarkova","year":"2021","journal-title":"Proceedings of the 13th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 25\u201328 May 2021"},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3305268","article-title":"A Multi-Vocal Review of Security Orchestration","volume":"52","author":"Islam","year":"2019","journal-title":"ACM Comput. Surv."},{"key":"ref_65","doi-asserted-by":"crossref","unstructured":"Pawlicka, A., Pawlicki, M., Kozik, R., and Chora\u015b, R.S. (2021). A Systematic Review of Recommender Systems and Their Applications in Cybersecurity. Sensors, 21.","DOI":"10.3390\/s21155248"},{"key":"ref_66","doi-asserted-by":"crossref","first-page":"102959","DOI":"10.1016\/j.cose.2022.102959","article-title":"A Systematic Method for Measuring the Performance of a Cyber Security Operations Centre Analyst","volume":"124","author":"Agyepong","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"103069","DOI":"10.1016\/j.cose.2022.103069","article-title":"Understanding Situation Awareness in SOCs, a Systematic Literature Review","volume":"126","author":"Ofte","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_68","first-page":"388","article-title":"Humans and Automation: Augmenting Security Operation Centers","volume":"4","author":"Tilbury","year":"2024","journal-title":"J. Cybersecur. Priv. JCP"},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1007\/978-3-030-41579-2_9","article-title":"Automated Cyber Threat Intelligence Reports Classification for Early Warning of Cyber Attacks in Next Generation SOC","volume":"Volume 11999","author":"Zhou","year":"2020","journal-title":"Information and Communications Security: 21st International Conference"},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"106856","DOI":"10.1016\/j.infsof.2022.106856","article-title":"Context2Vector: Accelerating Security Event Triage via Context Representation Learning","volume":"146","author":"Liu","year":"2022","journal-title":"Inf. Softw. Technol."},{"key":"ref_71","first-page":"200381","article-title":"Cluster-Based Wireless Sensor Network Framework for Denial-of-Service Attack Detection Based on Variable Selection Ensemble Machine Learning Algorithms","volume":"22","author":"John","year":"2024","journal-title":"Intell. Syst. Appl."},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1080\/10429247.2008.11431785","article-title":"System of Systems Engineering Requirements: Challenges and Guidelines","volume":"20","author":"Keating","year":"2008","journal-title":"Eng. Manag. J."},{"key":"ref_73","doi-asserted-by":"crossref","unstructured":"Kurtanovic, Z., and Maalej, W. (2017, January 4\u20138). Automatically Classifying Functional and Non-Functional Requirements Using Supervised Machine Learning. Proceedings of the 2017 IEEE 25th International Requirements Engineering Conference (RE), Lisbon, Portugal.","DOI":"10.1109\/RE.2017.82"},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Eckhardt, J., Vogelsang, A., and Fern\u00e1ndez, D.M. (2016, January 14\u201322). Are \u201cNon-Functional\u201d Requirements Really Non-Functional? An Investigation of Non-Functional Requirements in Practice. Proceedings of the 38th International Conference on Software Engineering, Austin, TX, USA.","DOI":"10.1145\/2884781.2884788"},{"key":"ref_75","first-page":"87","article-title":"The Rationality of Automation Bias in Security Operation Centers","volume":"20","author":"Tilbury","year":"2024","journal-title":"J. Inf. Syst. Secur."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/13\/7\/165\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:09:43Z","timestamp":1760108983000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/13\/7\/165"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,3]]},"references-count":75,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2024,7]]}},"alternative-id":["computers13070165"],"URL":"https:\/\/doi.org\/10.3390\/computers13070165","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,3]]}}}