{"id":"https://openalex.org/W7131875374","doi":"https://doi.org/10.48550/arxiv.2602.22244","title":"Accelerating Incident Response: A Hybrid Approach for Data Breach Reporting","display_name":"Accelerating Incident Response: A Hybrid Approach for Data Breach Reporting","publication_year":2026,"publication_date":"2026-02-24","ids":{"openalex":"https://openalex.org/W7131875374","doi":"https://doi.org/10.48550/arxiv.2602.22244"},"language":"en","primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.22244","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5127297371","display_name":"Aurora Arrus","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Arrus, Aurora","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5098966334","display_name":"Maria Di Gisi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"di Gisi, Maria","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127039498","display_name":"Sara Lilli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lilli, Sara","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5127031288","display_name":"Marco Quadrini","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Quadrini, Marco","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5127297371"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.37599998712539673,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.37599998712539673,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.31380000710487366,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.04399999976158142,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.6291000247001648},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6039000153541565},{"id":"https://openalex.org/keywords/schema","display_name":"Schema (genetic algorithms)","score":0.49559998512268066},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4537999927997589},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.44449999928474426},{"id":"https://openalex.org/keywords/json","display_name":"JSON","score":0.4381999969482422},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.4025999903678894},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.3758000135421753},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.35350000858306885},{"id":"https://openalex.org/keywords/operator","display_name":"Operator (biology)","score":0.3231000006198883}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7376999855041504},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.675000011920929},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.6291000247001648},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6039000153541565},{"id":"https://openalex.org/C52146309","wikidata":"https://www.wikidata.org/wiki/Q7431116","display_name":"Schema (genetic algorithms)","level":2,"score":0.49559998512268066},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4537999927997589},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.44449999928474426},{"id":"https://openalex.org/C2780416260","wikidata":"https://www.wikidata.org/wiki/Q2063","display_name":"JSON","level":2,"score":0.4381999969482422},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.4025999903678894},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.3758000135421753},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.35350000858306885},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.33000001311302185},{"id":"https://openalex.org/C17020691","wikidata":"https://www.wikidata.org/wiki/Q139677","display_name":"Operator (biology)","level":5,"score":0.3231000006198883},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.31189998984336853},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.3019999861717224},{"id":"https://openalex.org/C2776876444","wikidata":"https://www.wikidata.org/wiki/Q2845200","display_name":"Crime analysis","level":2,"score":0.29010000824928284},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.28690001368522644},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.28360000252723694},{"id":"https://openalex.org/C2780262971","wikidata":"https://www.wikidata.org/wiki/Q44554","display_name":"Law enforcement","level":2,"score":0.2825999855995178},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.28130000829696655},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.27970001101493835},{"id":"https://openalex.org/C169093310","wikidata":"https://www.wikidata.org/wiki/Q3702971","display_name":"Personally identifiable information","level":2,"score":0.27160000801086426},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2705000042915344},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.26899999380111694},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C2909164965","wikidata":"https://www.wikidata.org/wiki/Q6014597","display_name":"Incident report","level":2,"score":0.26030001044273376},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.25839999318122864},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.2574000060558319},{"id":"https://openalex.org/C130191384","wikidata":"https://www.wikidata.org/wiki/Q2996887","display_name":"Copycat","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.2538999915122986},{"id":"https://openalex.org/C113336015","wikidata":"https://www.wikidata.org/wiki/Q574010","display_name":"Complete information","level":2,"score":0.2517000138759613},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.25130000710487366}],"mesh":[],"locations_count":3,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.22244","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"pmh:oai:iris.unica.it:11584/479985","is_oa":false,"landing_page_url":"https://hdl.handle.net/11584/479985","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},{"id":"doi:10.48550/arxiv.2602.22244","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.22244","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.22244","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth","score":0.46993064880371094}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,116,154],"General":[1],"Data":[2],"Protection":[3],"Regulation":[4],"(GDPR)":[5],"requires":[6],"organisations":[7],"to":[8,107,121,128],"notify":[9],"supervisory":[10],"authorities":[11],"of":[12,19,89,111],"personal":[13],"data":[14],"breaches":[15],"within":[16],"72":[17],"hours":[18],"discovery.":[20],"Meeting":[21],"this":[22],"strict":[23],"deadline":[24],"is":[25,101],"challenging":[26],"because":[27],"incident":[28],"responders":[29],"must":[30],"manually":[31],"translate":[32],"low-level":[33],"forensic":[34,158],"artefacts":[35,159],"such":[36],"as":[37],"malware":[38,80],"traces,":[39],"system-call":[40],"logs,":[41],"and":[42,60,69,87,113],"network":[43],"captures":[44],"into":[45,160],"the":[46,85,108,147],"structured,":[47,162],"legally":[48],"framed":[49],"information":[50],"required":[51],"by":[52,140],"data-protection":[53],"authorities.":[54],"This":[55],"gap":[56],"between":[57],"technical":[58],"evidence":[59],"regulatory":[61],"reporting":[62],"often":[63],"results":[64],"in":[65,104],"delays,":[66],"incomplete":[67],"notifications,":[68],"a":[70,78,93,134,141,161,166],"high":[71],"cognitive":[72],"burden":[73],"on":[74,96],"analysts.":[75],"We":[76],"propose":[77],"hybrid":[79],"analysis":[81,120,127],"pipeline":[82],"that":[83,165],"automates":[84],"extraction":[86],"organisation":[88],"breach-relevant":[90],"information,":[91],"with":[92,125,146],"particular":[94],"focus":[95],"exfiltration-oriented":[97],"Linux/ARM":[98],"malware,":[99],"which":[100],"rapidly":[102,170],"increasing":[103],"prevalence":[105],"due":[106],"widespread":[109],"adoption":[110],"IoT":[112],"embedded":[114],"devices.":[115],"system":[117],"combines":[118],"static":[119],"identify":[122],"potential":[123],"exfiltrators":[124],"dynamic":[126],"reconstruct":[129],"their":[130],"behaviour.":[131],"It":[132],"employs":[133],"Large":[135],"Language":[136],"Model":[137],"(LLM)":[138],"constrained":[139],"formal":[142],"JSON":[143],"schema":[144],"aligned":[145],"official":[148],"Italian":[149],"Garante":[150],"Privacy":[151],"notification":[152],"form.":[153],"LLM":[155],"transforms":[156],"heterogeneous":[157],"compliance-ready":[163],"report":[164],"human":[167],"operator":[168],"can":[169],"validate.":[171]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2026-02-28T00:00:00"}