DBIS

Human-Machine Teaming for Incident Response

June 24th, 2025

Thesis Type: Master
Student: Theresa Täuber
Status: Running
Proposal on: 27/08/2025 11:00 am
Proposal room: Seminar room I5 6202
Supervisor(s): Stefan Decker
Advisor(s): Mehdi Akbari G.
Contact: mehdi.akbari.gurabi@fit.fraunhofer.de

The goal of this thesis is to develop a framework that supports incident response by combining machine learning–based detection with explainable, heuristic-based outputs. These heuristics act as a translator between the AI and the expert analyst, making detection results interpretable and traceable. A dashboard will present the AI's decisions in a human-understandable format, helping analysts assess and respond to threats more quickly and confidently. Given the high stakes of incident response scenarios, explainable AI (XAI) becomes a necessity for improving the transparency and trustworthiness of automated decisions.

This system will be designed for integration with existing SIEM systems and enable semi-automated responses, emulating typical input and output structures for realistic evaluation. The framework’s effectiveness will be evaluated based on decision accuracy, response time, and analyst confidence, using a variety of security incident categories.

Here is some literature related to this topic:

Some blog posts might also be worth a look:

Below are the main research questions that will guide this thesis:

  • How do explainable heuristics affect the overall effectiveness of machine learning–based incident detection when compared to non-explainable approaches?
  • In what ways does the introduction of an XAI-enhanced system influence an analyst’s speed and confidence in the incident response process?
  • How effectively does a dashboard-based interface help human analysts interpret AI-driven alerts and explanations so that they can respond reliably?

A key success factor of the thesis is demonstrating measurable improvements in incident detection accuracy, response time, and analyst confidence while maintaining practical usability. This includes effective integration with real-world SIEM environments and positive feedback from analysts on the transparency and trustworthiness of the system.
Prerequisites:

Basic knowledge in the domains of cyber incident handling, requirement analysis, and system engineering, as well as explainable AI.