{"id":"https://openalex.org/W7134921078","doi":"https://doi.org/10.1109/icdmw69685.2025.00141","title":"AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation","display_name":"AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation","publication_year":2025,"publication_date":"2025-11-12","ids":{"openalex":"https://openalex.org/W7134921078","doi":"https://doi.org/10.1109/icdmw69685.2025.00141"},"language":null,"primary_location":{"id":"doi:10.1109/icdmw69685.2025.00141","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdmw69685.2025.00141","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Data Mining Workshops (ICDMW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128779979","display_name":"Zefang Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I1305444813","display_name":"Capital One (United States)","ror":"https://ror.org/00svp7168","country_code":"US","type":"company","lineage":["https://openalex.org/I1305444813"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zefang Liu","raw_affiliation_strings":["*Capital One,San Jose,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"*Capital One,San Jose,USA","institution_ids":["https://openalex.org/I1305444813"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5128704485","display_name":"Arman Anwar","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Arman Anwar","raw_affiliation_strings":["Georgia Institute of Technology,Atlanta,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology,Atlanta,USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.8699,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.88882307,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1190","last_page":"1199"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.15189999341964722,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.15189999341964722,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.07980000227689743,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11574","display_name":"Artificial Intelligence in Games","score":0.06379999965429306,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.2287999987602234},{"id":"https://openalex.org/keywords/window","display_name":"Window (computing)","score":0.22169999778270721},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.2152000069618225},{"id":"https://openalex.org/keywords/power","display_name":"Power (physics)","score":0.20990000665187836},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.20810000598430634}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4074999988079071},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2540999948978424},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.2287999987602234},{"id":"https://openalex.org/C2778751112","wikidata":"https://www.wikidata.org/wiki/Q835016","display_name":"Window (computing)","level":2,"score":0.22169999778270721},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.2152000069618225},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.20990000665187836},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.20810000598430634},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.20759999752044678},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.1981000006198883},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.1891999989748001}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icdmw69685.2025.00141","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdmw69685.2025.00141","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Data Mining Workshops (ICDMW)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W2031999883","https://openalex.org/W4244496119","https://openalex.org/W4391862446","https://openalex.org/W4396918131","https://openalex.org/W4402811916","https://openalex.org/W4403854698","https://openalex.org/W4407509125","https://openalex.org/W4409061246","https://openalex.org/W4409657397","https://openalex.org/W4410357080","https://openalex.org/W4411207733","https://openalex.org/W4411403346","https://openalex.org/W4412923210","https://openalex.org/W4414594130","https://openalex.org/W4414825143","https://openalex.org/W6941230632","https://openalex.org/W7134199056"],"related_works":[],"abstract_inverted_index":{"Incident":[0],"response":[1,63],"(IR)":[2],"requires":[3],"fast,":[4],"coordinated,":[5],"and":[6,11,82,101,157],"well-informed":[7],"decision-making":[8],"to":[9,40,78,121,143],"contain":[10],"mitigate":[12],"cyber":[13,133],"threats.":[14],"While":[15],"large":[16],"language":[17],"models":[18],"(LLMs)":[19],"have":[20],"shown":[21],"promise":[22],"as":[23],"autonomous":[24],"agents":[25,77],"in":[26,96],"simulated":[27],"IR":[28],"settings,":[29],"their":[30],"reasoning":[31],"is":[32],"often":[33],"limited":[34],"by":[35],"a":[36],"lack":[37],"of":[38,51,169],"access":[39],"external":[41,84],"knowledge.":[42],"In":[43],"this":[44],"work,":[45],"we":[46,129],"present":[47],"AutoBnB-RAG,":[48],"an":[49],"extension":[50],"the":[52,67,167],"AutoBnB":[53],"framework":[54],"that":[55,151],"incorporates":[56],"retrieval-augmented":[57],"generation":[58],"(RAG)":[59],"into":[60,173],"multi-agent":[61,175],"incident":[62,105],"simulations.":[64],"Built":[65],"on":[66,136],"Backdoors":[68],"&":[69],"Breaches":[70],"(B&B)":[71],"tabletop":[72],"game":[73],"environment,":[74],"AutoBnB-RAG":[75],"enables":[76],"issue":[79],"retrieval":[80,92,152,171],"queries":[81],"incorporate":[83],"evidence":[85],"during":[86],"collaborative":[87],"investigations.":[88],"We":[89,108],"introduce":[90],"two":[91],"settings:":[93],"one":[94],"grounded":[95],"curated":[97],"technical":[98],"documentation":[99],"(RAG-Wiki),":[100],"another":[102],"using":[103],"narrative-style":[104],"reports":[106],"(RAG-News).":[107],"evaluate":[109],"performance":[110],"across":[111,160],"eight":[112],"team":[113],"structures,":[114],"including":[115],"newly":[116],"introduced":[117],"argumentative":[118],"configurations":[119],"designed":[120],"promote":[122],"critical":[123],"reasoning.":[124],"To":[125],"validate":[126],"practical":[127],"utility,":[128],"also":[130],"simulate":[131],"real-world":[132],"incidents":[134],"based":[135],"public":[137],"breach":[138],"reports,":[139],"demonstrating":[140],"AutoBnB-RAG's":[141],"ability":[142],"reconstruct":[144],"complex":[145],"multi-stage":[146],"attacks.":[147],"Our":[148],"results":[149],"show":[150],"augmentation":[153],"improves":[154],"decision":[155],"quality":[156],"success":[158],"rates":[159],"diverse":[161],"organizational":[162],"models.":[163],"This":[164],"work":[165],"demonstrates":[166],"value":[168],"integrating":[170],"mechanisms":[172],"LLM-based":[174],"systems":[176],"for":[177],"cybersecurity":[178],"decision-making.":[179]},"counts_by_year":[{"year":2026,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-12T00:00:00"}