{"id":"https://openalex.org/W4402543952","doi":"https://doi.org/10.1145/3695462","title":"Alert Prioritisation in Security Operations Centres: A Systematic Survey on Criteria and Methods","display_name":"Alert Prioritisation in Security Operations Centres: A Systematic Survey on Criteria and Methods","publication_year":2024,"publication_date":"2024-09-14","ids":{"openalex":"https://openalex.org/W4402543952","doi":"https://doi.org/10.1145/3695462"},"language":"en","primary_location":{"id":"doi:10.1145/3695462","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695462","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3695462","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043870177","display_name":"Fatemeh Jalalvand","orcid":"https://orcid.org/0000-0003-1335-2139"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Fatemeh Jalalvand","raw_affiliation_strings":["CSIRO Data61, Melbourne, Australia","CSIRO Data61,  Clayton, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO Data61, Melbourne, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61,  Clayton, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000678710","display_name":"Mohan Baruwal Chhetri","orcid":"https://orcid.org/0000-0002-6138-7742"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mohan Baruwal Chhetri","raw_affiliation_strings":["CSIRO Data61, Melbourne, Australia","CSIRO Data61,  Clayton, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO Data61, Melbourne, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61,  Clayton, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO Data61, Sydney, Australia","CSIRO Data61,  Marsfield, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO Data61, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61,  Marsfield, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077002072","display_name":"C\u00e9cile Paris","orcid":"https://orcid.org/0000-0003-3816-0176"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Cecile Paris","raw_affiliation_strings":["CSIRO Data61, Sydney, Australia","CSIRO Data61,  Marsfield, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO Data61, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61,  Marsfield, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5043870177"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":11.3947,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.9838826,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"57","issue":"2","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8517575860023499},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3546410799026489},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3398359715938568}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8517575860023499},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3546410799026489},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3398359715938568}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3695462","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695462","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3695462","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695462","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":109,"referenced_works":["https://openalex.org/W1602136775","https://openalex.org/W1864236274","https://openalex.org/W1984142299","https://openalex.org/W1990091526","https://openalex.org/W2005115103","https://openalex.org/W2044936748","https://openalex.org/W2052695951","https://openalex.org/W2054537057","https://openalex.org/W2056798206","https://openalex.org/W2063770056","https://openalex.org/W2080927183","https://openalex.org/W2083270195","https://openalex.org/W2099836119","https://openalex.org/W2100508758","https://openalex.org/W2101765290","https://openalex.org/W2111142701","https://openalex.org/W2123439865","https://openalex.org/W2130203275","https://openalex.org/W2155926039","https://openalex.org/W2282821441","https://openalex.org/W2475891919","https://openalex.org/W2491980965","https://openalex.org/W2553560141","https://openalex.org/W2618851150","https://openalex.org/W2726872669","https://openalex.org/W2739823785","https://openalex.org/W2766537588","https://openalex.org/W2772356386","https://openalex.org/W2790557990","https://openalex.org/W2801609661","https://openalex.org/W2803342829","https://openalex.org/W2803863022","https://openalex.org/W2808052182","https://openalex.org/W2810012024","https://openalex.org/W2862457273","https://openalex.org/W2903912339","https://openalex.org/W2921941248","https://openalex.org/W2934302500","https://openalex.org/W2950108307","https://openalex.org/W2950266870","https://openalex.org/W2962703433","https://openalex.org/W2963563709","https://openalex.org/W2966196469","https://openalex.org/W2972007171","https://openalex.org/W2974695716","https://openalex.org/W2978548650","https://openalex.org/W2983519477","https://openalex.org/W2997993688","https://openalex.org/W3000552363","https://openalex.org/W3008535402","https://openalex.org/W3012628147","https://openalex.org/W3015650867","https://openalex.org/W3019726060","https://openalex.org/W3029189887","https://openalex.org/W3033087971","https://openalex.org/W3092024150","https://openalex.org/W3108481873","https://openalex.org/W3110793982","https://openalex.org/W3116286104","https://openalex.org/W3126165507","https://openalex.org/W3140399761","https://openalex.org/W3148456258","https://openalex.org/W3198775197","https://openalex.org/W3207777896","https://openalex.org/W3212401499","https://openalex.org/W3215879207","https://openalex.org/W4205561327","https://openalex.org/W4206083420","https://openalex.org/W4210262502","https://openalex.org/W4212809991","https://openalex.org/W4214888769","https://openalex.org/W4221006676","https://openalex.org/W4223906509","https://openalex.org/W4224249813","https://openalex.org/W4226139354","https://openalex.org/W4233769456","https://openalex.org/W4234251954","https://openalex.org/W4253516956","https://openalex.org/W4281618023","https://openalex.org/W4283313119","https://openalex.org/W4283659688","https://openalex.org/W4283703836","https://openalex.org/W4285112458","https://openalex.org/W4285607116","https://openalex.org/W4288083473","https://openalex.org/W4290062077","https://openalex.org/W4293193423","https://openalex.org/W4294811629","https://openalex.org/W4311165940","https://openalex.org/W4318350868","https://openalex.org/W4321061991","https://openalex.org/W4321160088","https://openalex.org/W4322627146","https://openalex.org/W4323797275","https://openalex.org/W4377030676","https://openalex.org/W4379137333","https://openalex.org/W4380187196","https://openalex.org/W4387800467","https://openalex.org/W4391334925","https://openalex.org/W4391631246","https://openalex.org/W4391835300","https://openalex.org/W4392768649","https://openalex.org/W4393757176","https://openalex.org/W4399187206","https://openalex.org/W6600157417","https://openalex.org/W6600424091","https://openalex.org/W6600493712","https://openalex.org/W6751776086","https://openalex.org/W6810123564"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Security":[0],"Operations":[1],"Centres":[2],"(SOCs)":[3],"are":[4,127],"specialised":[5],"facilities":[6],"where":[7],"security":[8,26,30,192],"analysts":[9,97],"leverage":[10,99],"advanced":[11],"technologies":[12],"to":[13,18,33,42,60,102,116,183],"monitor,":[14],"detect":[15],"and":[16,52,71,87,112,123,138,148,157,166],"respond":[17],"cyber":[19],"incidents.":[20],"However,":[21],"the":[22,47,58,66,117,136,146,151,184],"increasing":[23],"volume":[24],"of":[25,49,69,79,135,150,154,186],"incidents":[27],"has":[28,57],"overwhelmed":[29],"analysts,":[31],"leading":[32],"alert":[34,37,80],"fatigue.":[35],"Effective":[36],"prioritisation":[38],"(AP)":[39],"becomes":[40],"crucial":[41],"address":[43],"this":[44],"problem":[45],"through":[46],"utilisation":[48],"proper":[50],"criteria":[51,137,156],"methods.":[53],"Human\u2013AI":[54],"teaming":[55],"(HAT)":[56],"potential":[59],"significantly":[61],"enhance":[62],"AP":[63,141,155,187],"by":[64],"combining":[65],"complementary":[67],"strengths":[68],"humans":[70],"AI.":[72],"AI":[73,118],"excels":[74],"in":[75,142,195],"processing":[76],"large":[77],"volumes":[78],"data,":[81],"identifying":[82],"anomalies,":[83],"uncovering":[84],"hidden":[85],"patterns,":[86],"prioritising":[88],"alerts":[89,126],"at":[90,93],"scale,":[91],"all":[92],"machine":[94],"speed.":[95],"Human":[96],"can":[98],"their":[100],"expertise":[101],"investigate":[103],"prioritised":[104],"alerts,":[105],"re-prioritise":[106],"them":[107],"based":[108,159],"on":[109,160],"additional":[110],"context":[111],"provide":[113],"valuable":[114],"feedback":[115],"system,":[119],"reducing":[120],"false":[121],"positives":[122],"ensuring":[124],"critical":[125],"prioritised.":[128],"This":[129],"work":[130],"provides":[131],"a":[132],"comprehensive":[133],"review":[134],"methods":[139,158],"for":[140,173],"SOC.":[143],"We":[144,168,176],"analyse":[145],"advantages":[147],"disadvantages":[149],"different":[152],"categories":[153],"HAT,":[161],"specifically":[162],"considering":[163],"automation,":[164],"augmentation":[165],"collaboration.":[167],"also":[169],"identify":[170],"several":[171],"areas":[172],"future":[174],"research.":[175],"anticipate":[177],"that":[178],"our":[179],"findings":[180],"will":[181],"contribute":[182],"advancement":[185],"techniques,":[188],"fostering":[189],"more":[190],"effective":[191],"incident":[193],"response":[194],"SOCs.":[196]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":11}],"updated_date":"2026-03-08T08:50:53.379069","created_date":"2025-10-10T00:00:00"}