{"id":"https://openalex.org/W4414528100","doi":"https://doi.org/10.48550/arxiv.2508.13118","title":"AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation","display_name":"AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation","publication_year":2025,"publication_date":"2025-08-18","ids":{"openalex":"https://openalex.org/W4414528100","doi":"https://doi.org/10.48550/arxiv.2508.13118"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2508.13118","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2508.13118","pdf_url":"https://arxiv.org/pdf/2508.13118","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2508.13118","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026087229","display_name":"Zefang Liu","orcid":"https://orcid.org/0000-0003-1947-3249"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Zefang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Anwar, Arman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anwar, 
Arman","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9894999861717224,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9894999861717224,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9354000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13018","display_name":"Seismology and Earthquake Studies","score":0.9180999994277954,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer 
Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.6281999945640564},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.5112000107765198},{"id":"https://openalex.org/keywords/data-retrieval","display_name":"Data retrieval","score":0.4851999878883362},{"id":"https://openalex.org/keywords/incident-management","display_name":"Incident management","score":0.3986999988555908},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.3723999857902527},{"id":"https://openalex.org/keywords/incident-report","display_name":"Incident report","score":0.36340001225471497}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7479000091552734},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.6281999945640564},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.5112000107765198},{"id":"https://openalex.org/C551230270","wikidata":"https://www.wikidata.org/wiki/Q4368942","display_name":"Data retrieval","level":2,"score":0.4851999878883362},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40450000762939453},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.3986999988555908},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident 
response","level":2,"score":0.3723999857902527},{"id":"https://openalex.org/C2909164965","wikidata":"https://www.wikidata.org/wiki/Q6014597","display_name":"Incident report","level":2,"score":0.36340001225471497},{"id":"https://openalex.org/C2781306805","wikidata":"https://www.wikidata.org/wiki/Q4789761","display_name":"Argumentative","level":2,"score":0.36309999227523804},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.3163999915122986},{"id":"https://openalex.org/C2778029271","wikidata":"https://www.wikidata.org/wiki/Q5421931","display_name":"Extension (predicate logic)","level":2,"score":0.31200000643730164},{"id":"https://openalex.org/C2779707562","wikidata":"https://www.wikidata.org/wiki/Q1140525","display_name":"Critical Incident Technique","level":2,"score":0.2939999997615814},{"id":"https://openalex.org/C24756922","wikidata":"https://www.wikidata.org/wiki/Q1757694","display_name":"Data quality","level":3,"score":0.290800005197525},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.2802000045776367},{"id":"https://openalex.org/C2776291640","wikidata":"https://www.wikidata.org/wiki/Q2912517","display_name":"Value (mathematics)","level":2,"score":0.2632000148296356},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data 
science","level":1,"score":0.2574000060558319}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2508.13118","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2508.13118","pdf_url":"https://arxiv.org/pdf/2508.13118","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2508.13118","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2508.13118","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell 
University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2508.13118","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2508.13118","pdf_url":"https://arxiv.org/pdf/2508.13118","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Incident":[0],"response":[1,63],"(IR)":[2],"requires":[3],"fast,":[4],"coordinated,":[5],"and":[6,11,82,101,157],"well-informed":[7],"decision-making":[8],"to":[9,40,78,121,143],"contain":[10],"mitigate":[12],"cyber":[13,133],"threats.":[14],"While":[15],"large":[16],"language":[17],"models":[18],"(LLMs)":[19],"have":[20],"shown":[21],"promise":[22],"as":[23],"autonomous":[24],"agents":[25,77],"in":[26,96],"simulated":[27],"IR":[28],"settings,":[29],"their":[30],"reasoning":[31],"is":[32],"often":[33],"limited":[34],"by":[35],"a":[36],"lack":[37],"of":[38,51,169],"access":[39],"external":[41,84],"knowledge.":[42],"In":[43],"this":[44],"work,":[45],"we":[46,129],"present":[47],"AutoBnB-RAG,":[48],"an":[49],"extension":[50],"the":[52,67,167],"AutoBnB":[53],"framework":[54],"that":[55,151],"incorporates":[56],"retrieval-augmented":[57],"generation":[58],"(RAG)":[59],"into":[60
,173],"multi-agent":[61,175],"incident":[62,105],"simulations.":[64],"Built":[65],"on":[66,136],"Backdoors":[68],"&":[69],"Breaches":[70],"(B&B)":[71],"tabletop":[72],"game":[73],"environment,":[74],"AutoBnB-RAG":[75],"enables":[76],"issue":[79],"retrieval":[80,92,152,171],"queries":[81],"incorporate":[83],"evidence":[85],"during":[86],"collaborative":[87],"investigations.":[88],"We":[89,108],"introduce":[90],"two":[91],"settings:":[93],"one":[94],"grounded":[95],"curated":[97],"technical":[98],"documentation":[99],"(RAG-Wiki),":[100],"another":[102],"using":[103],"narrative-style":[104],"reports":[106],"(RAG-News).":[107],"evaluate":[109],"performance":[110],"across":[111,160],"eight":[112],"team":[113],"structures,":[114],"including":[115],"newly":[116],"introduced":[117],"argumentative":[118],"configurations":[119],"designed":[120],"promote":[122],"critical":[123],"reasoning.":[124],"To":[125],"validate":[126],"practical":[127],"utility,":[128],"also":[130],"simulate":[131],"real-world":[132],"incidents":[134],"based":[135],"public":[137],"breach":[138],"reports,":[139],"demonstrating":[140],"AutoBnB-RAG's":[141],"ability":[142],"reconstruct":[144],"complex":[145],"multi-stage":[146],"attacks.":[147],"Our":[148],"results":[149],"show":[150],"augmentation":[153],"improves":[154],"decision":[155],"quality":[156],"success":[158],"rates":[159],"diverse":[161],"organizational":[162],"models.":[163],"This":[164],"work":[165],"demonstrates":[166],"value":[168],"integrating":[170],"mechanisms":[172],"LLM-based":[174],"systems":[176],"for":[177],"cybersecurity":[178],"decision-making.":[179]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
