WSEAS Transactions on Computers

Print ISSN: 1109-2750
E-ISSN: 2224-2872

Volume 18, 2019


Automation of Cyber Security Incident Handling through Artificial Intelligence Methods

AUTHORS: Roumen Trifonov, Slavcho Manolov, Georgi Tsochev, Galya Pavlova


ABSTRACT: According to leading experts in the field of Cyber Security, the last few years have seen a transition from the stage of Cyber Criminality to the stage of Cyber War. To respond adequately to the new challenges, the expert community has two main approaches: to adopt the philosophy and methods of Military Intelligence, and to use Artificial Intelligence methods to counteract Cyber Attacks. The present paper describes some of the results obtained in the Faculty of Computer Systems and Technology at the Technical University of Sofia in the implementation of a project related to the application of intelligent methods for increasing security in computer networks. These results are presented separately for the spheres of Cyber Threats Intelligence and Security Incident Handling.

KEYWORDS: Cyber Security, Incident Handling, Artificial Intelligence, Learning Methods, Automation, Cyber Intelligence, Cyber Defense



WSEAS Transactions on Computers, ISSN / E-ISSN: 1109-2750 / 2224-2872, Volume 18, 2019, Art. #35, pp. 274-280

Copyright © 2018 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0
