{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T15:03:41Z","timestamp":1762182221112,"version":"build-2065373602"},"reference-count":33,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T00:00:00Z","timestamp":1762128000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>With the growing demand for refined security operations, Security Orchestration, Automation, and Response (SOAR) technologies have undergone rapid advancement. By leveraging intelligent orchestration capabilities in conjunction with core playbooks, SOAR facilitates both automated and semi-automated responses to security incidents. Nevertheless, the continuous evolution of network-attack techniques and the explosive growth of security alerts have rendered traditional static rule-based playbook matching and recommendation approaches increasingly inadequate in addressing the high frequency of alerts and the emergence of novel attack patterns. In this study, we propose an intelligent playbook recommendation algorithm for SOAR, developed under the paradigm of dynamic interest modeling. Specifically, the algorithm integrates a Transformer encoder, which captures long-term dynamic characteristics of alert signals in real time, with an LSTM network designed to extract short-term behavioral patterns. This hybrid architecture not only enables accurate playbook recommendations in high-volume alert scenarios, but also supports the reconstruction and optimization of playbooks, thereby offering valuable guidance for the mitigation of emerging threats. Experimental evaluations demonstrate that the proposed dynamic interest modeling-based algorithm exhibits high feasibility. It achieves improved performance in terms of both recommendation accuracy and efficiency, thus providing a robust technical foundation for enhancing the effectiveness of network security incident response and offering practical support for real-world security operations.<\/jats:p>","DOI":"10.3390\/sym17111851","type":"journal-article","created":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T13:55:22Z","timestamp":1762178122000},"page":"1851","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Intelligent Playbook Recommendation Algorithm Based on Dynamic Interest Modeling for SOAR"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8752-4381","authenticated-orcid":false,"given":"Hangyu","family":"Hu","sequence":"first","affiliation":[{"name":"School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8311-7924","authenticated-orcid":false,"given":"Liangrui","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0177-3087","authenticated-orcid":false,"given":"Zhaoyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China"}]},{"given":"Xingmiao","family":"Yao","sequence":"additional","affiliation":[{"name":"School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China"}]},{"given":"Xia","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"669","DOI":"10.1109\/OJCS.2025.3564788","article-title":"Addressing Security Orchestration Challenges in Next-Generation Networks: A Comprehensive Overview","volume":"6","author":"Batewela","year":"2025","journal-title":"IEEE Open J. Comput. Soc."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Bartwal, U., Mukhopadhyay, S., Negi, R., and Shukla, S. (2022, January 22\u201324). Security orchestration, automation, and response engine for deployment of behavioural honeypots. Proceedings of the 2022 IEEE Conference on Dependable and Secure Computing (DSC), Edinburgh, UK.","DOI":"10.1109\/DSC54232.2022.9888808"},{"key":"ref_3","unstructured":"Neiva, C., Lawson, C., Bussa, T., and Sadowski, G. (2020). Market Guide for Security Orchestration, Automation and Response Solutions. Gartner, Inc."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Dwivedi, S., Rajendran, B., Akshay, P., Acha, A., Ampatt, P., and Sudarsan, S.D. (2024, January 16\u201320). IntelliSOAR: Intelligent Alert Enrichment Using Security Orchestration Automation and Response (SOAR). Proceedings of the International Conference on Information Systems Security, Jaipur, India.","DOI":"10.1007\/978-3-031-80020-7_27"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"7211","DOI":"10.1109\/TIFS.2025.3581103","article-title":"Hardening LLM Fine-Tuning: From Differentially Private Data Selection to Trustworthy Model Quantization","volume":"20","author":"Deng","year":"2025","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ko, H., Lee, S., Park, Y., and Choi, A. (2022). A survey of recommendation systems: Recommendation models, techniques, and application fields. Electronics, 11.","DOI":"10.3390\/electronics11010141"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1145\/3716628","article-title":"Ai agents under threat: A survey of key security challenges and future pathways","volume":"57","author":"Deng","year":"2025","journal-title":"ACM Comput. Surv."},{"key":"ref_8","first-page":"29","article-title":"A Review of Recommendation Systems Based on Deep Learning","volume":"41","author":"Huang","year":"2018","journal-title":"J. Comput. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"4469","DOI":"10.1109\/TIFS.2025.3560557","article-title":"TrapNet: Model Inversion Defense via Trapdoor","volume":"20","author":"Ma","year":"2025","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"3541","DOI":"10.1109\/TII.2025.3534441","article-title":"Network traffic fingerprinting for IIoT device identification: A survey","volume":"21","author":"Sheng","year":"2025","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_11","unstructured":"Pazzani, M.J., and Billsus, D. (2007). Content-Based Recommendation Systems. The Adaptive Web: Methods and Strategies of Web Personalization, Springer."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1145\/3130348.3130372","article-title":"An Algorithmic Framework for Performing Collaborative Filtering","volume":"51","author":"Herlocker","year":"2017","journal-title":"ACM SIGIR Forum"},{"key":"ref_13","unstructured":"Badrul, S., George, K., Joseph, K., and John, R. (2001, January 1\u20135). Item-based collaborative filtering recommendation algorithmus. Proceedings of the 10th International Conference on World Wide Web, Hong Kong."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Cheng, H.-T., Koc, L., Harmsen, J., Shaked, T., Chandra, T., Aradhye, H., Anderson, G., Corrado, G., Chai, W., and Ispir, M. (2016, January 15). Wide & Deep Learning for Recommender Systems. Proceedings of the 1st Workshop on Deep Learning for Recommender Systems, Boston, MA, USA.","DOI":"10.1145\/2988450.2988454"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Guo, H., Tang, R., Ye, Y., Li, Z., and He, X. (2017, January 19\u201325). DeepFM: A Factorization-Machine based Neural Network for CTR Prediction. Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, Melbourne, Australia.","DOI":"10.24963\/ijcai.2017\/239"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"He, X., and Chua, T.-S. (2017, January 7\u201311). Neural Factorization Machines for Sparse Predictive Analytics. Proceedings of the 40th International ACM SIGIR Conference on Research and Development in Information Retrieval, Tokyo, Japan.","DOI":"10.1145\/3077136.3080777"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Wang, R., Fu, B., Fu, G., and Wang, M. (2017, January 13\u201317). Deep & Cross Network for Ad Click Predictions. Proceedings of the KDD \u201917: The 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Halifax, NS, Canada.","DOI":"10.1145\/3124749.3124754"},{"key":"ref_18","first-page":"4552","article-title":"FinalMLP: An enhanced two-stream MLP model for CTR prediction","volume":"37","author":"Mao","year":"2023","journal-title":"Proc. AAAI Conf. Artif. Intell."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Sedhain, S., Menon, A.K., Sanner, S., and Xie, L. (2015, January 18\u201322). AutoRec: Autoencoders Meet Collaborative Filtering. Proceedings of the International Conference on World Wide Web, Florence, Italy.","DOI":"10.1145\/2740908.2742726"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Wang, H., Zhang, F., Xie, X., and Guo, M. (2018, January 23\u201327). DKN: Deep Knowledge-Aware Network for News Recommendation. Proceedings of the 2018 World Wide Web Conference, Lyon, France.","DOI":"10.1145\/3178876.3186175"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Sun, Z., Yang, J., Zhang, J., Bozzon, A., Huang, L.-K., and Xu, C. (2018, January 2). Recurrent knowledge graph embedding for effective recommendation. Proceedings of the RecSys \u201918: Twelfth ACM Conference on Recommender Systems, Vancouver, BC, Canada.","DOI":"10.1145\/3240323.3240361"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1109\/JAS.2024.124971","article-title":"When software security meets large language models: A survey","volume":"12","author":"Zhu","year":"2025","journal-title":"Ieee\/caa J. Autom. Sin."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Zhou, G., Song, C., Zhu, X., Fan, Y., Zhu, H., Ma, X., Yan, Y., Jin, J., Li, H., and Gai, K. (2017, January 19\u201323). Deep Interest Network for Click-Through Rate Prediction. Proceedings of the KDD \u201918: The 24th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, London, UK.","DOI":"10.1145\/3219819.3219823"},{"key":"ref_24","first-page":"102","article-title":"Exploration and Scenario Practice of Security Orchestration and Automated Response","volume":"S2","author":"Liao","year":"2020","journal-title":"Netinfo Secur."},{"key":"ref_25","first-page":"523","article-title":"Anomaly detection based on single-heat coding and convolutional neural networks","volume":"59","author":"Liang","year":"2019","journal-title":"J. Tsinghua Univ. (Sci. Technol.)"},{"key":"ref_26","unstructured":"Huang, D. (2018). Research on User Dynamic Interest Model in Recommendation Systems. [Master\u2019s Thesis, South China University of Technology]."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","article-title":"Android HIV: A study of repackaging malware for evading machine-learning detection","volume":"15","author":"Chen","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"872","DOI":"10.1109\/JAS.2025.125498","article-title":"Exploring DeepSeek: A Survey on Advances, Applications, Challenges and Future Directions","volume":"12","author":"Deng","year":"2025","journal-title":"Ieee\/caa J. Autom. Sin."},{"key":"ref_29","unstructured":"Zhang, K. (2004). Analysis and Defense of DDoS Attacks. [Master\u2019s Thesis, University of Electronic Science and Technology of China]."},{"key":"ref_30","unstructured":"Wang, Y., Wang, L., Li, Y., He, D., Liu, T.Y., and Chen, W. (2013). A Theoretical Analysis of NDCG Type Ranking Measures. Proceedings of the Conference on Learning Theory (COLT 2013), PMLR."},{"key":"ref_31","first-page":"97","article-title":"Property of Mean Average Precision as Performance Measure in Retrieval Experiment","volume":"74","author":"Kishida","year":"2001","journal-title":"IPSJ SIG Tech. Rep."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"68429","DOI":"10.1109\/ACCESS.2022.3186719","article-title":"Bias and unfairness of collaborative filtering based recommender systems in MovieLens dataset","volume":"10","author":"Ortega","year":"2022","journal-title":"IEEE Access"},{"key":"ref_33","unstructured":"Teng, Y., Wu, Y., Shi, H., Ning, X., Dai, G., Wang, Y., Li, Z., and Liu, X. (2024). DiM: Diffusion Mamba for Efficient High-Resolution Image Synthesis. arXiv."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/11\/1851\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T14:10:15Z","timestamp":1762179015000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/11\/1851"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,3]]},"references-count":33,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,11]]}},"alternative-id":["sym17111851"],"URL":"https:\/\/doi.org\/10.3390\/sym17111851","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2025,11,3]]}}}