Comparative Performance Analysis of Machine Learning Algorithms in the Cyber Security Incident Triage Process
Abstract
The increasing complexity of cyber threats demands more efficient incident management, particularly in Security Operations Centers (SOCs). Incident triage is often hindered by a high volume of false positives, which reduces the capacity to address genuinely critical threats. This study develops machine learning models that classify security incidents using the GUIDE dataset, which contains over one million incidents from 6,100 organizations. Five algorithms were compared: Random Forest, SVM, XGBoost, KNN, and Logistic Regression, with a shared preprocessing stage consisting of One-Hot Encoding of categorical features, normalization of numeric features, and a stratified train/test split that preserves the class distribution. Evaluation results show that Random Forest and XGBoost achieved the highest accuracy, 91%, and were the strongest at reducing false positives and prioritizing relevant threats.
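The pipeline the abstract describes (one-hot encoding, normalization, a stratified split, several classifiers compared side by side) can be reproduced in miniature. The following is an added example, not code from the paper and not run on the GUIDE dataset: the incident records are constructed inline with a simple generative rule, the three triage labels (FalsePositive, BenignPositive, TruePositive) are assumed to mirror GUIDE's grading, and scikit-learn's GradientBoostingClassifier is used as a stand-in for XGBoost so the block needs only scikit-learn, numpy and pandas. Beyond overall accuracy, it reports the two triage-specific error rates a SOC actually cares about: noise the model would escalate to an analyst, and true positives it would close as noise.

```python
"""Miniature incident-triage benchmark: stratified split, one-hot + scaling, five classifiers."""
import numpy as np
import pandas as pd
from sklearn.compose import ColumnTransformer
from sklearn.ensemble import GradientBoostingClassifier, RandomForestClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score, confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import OneHotEncoder, StandardScaler
from sklearn.svm import SVC

# Assumed triage grades (modelled on GUIDE's labels; the data below is constructed, not GUIDE).
GRADES = ["FalsePositive", "BenignPositive", "TruePositive"]
CATEGORIES = ["InitialAccess", "Execution", "Persistence", "Exfiltration", "Discovery"]
ENTITY_TYPES = ["User", "Ip", "Process", "Url", "File"]


def make_incidents(n=1500, seed=0):
    """Constructed sample incidents: two categorical and two numeric features plus a grade."""
    rng = np.random.default_rng(seed)
    category = rng.choice(CATEGORIES, n)
    entity_type = rng.choice(ENTITY_TYPES, n)
    alert_count = rng.integers(1, 40, n)
    distinct_hosts = rng.integers(1, 15, n)
    # Hypothetical ground-truth rule: more alerts and hosts, and Exfiltration, push towards
    # TruePositive; Discovery pushes towards FalsePositive; Gaussian noise blurs the boundary.
    score = (0.08 * alert_count + 0.2 * distinct_hosts
             + 2.0 * (category == "Exfiltration") - 1.5 * (category == "Discovery")
             + rng.normal(0.0, 1.2, n))
    grade = np.where(score > 5.5, "TruePositive",
                     np.where(score > 3.0, "BenignPositive", "FalsePositive"))
    return pd.DataFrame({"category": category, "entity_type": entity_type,
                         "alert_count": alert_count, "distinct_hosts": distinct_hosts,
                         "grade": grade})


def make_models():
    """Fresh estimators for each run; GradientBoosting stands in for XGBoost (assumption)."""
    return {
        "RandomForest": RandomForestClassifier(n_estimators=200, random_state=0),
        "GradientBoosting": GradientBoostingClassifier(random_state=0),
        "SVM": SVC(kernel="rbf", random_state=0),
        "KNN": KNeighborsClassifier(n_neighbors=5),
        "LogisticRegression": LogisticRegression(max_iter=1000),
    }


def build_pipeline(model):
    """One-hot encode categoricals, standardize numerics, then fit the classifier."""
    prep = ColumnTransformer([
        ("cat", OneHotEncoder(handle_unknown="ignore"), ["category", "entity_type"]),
        ("num", StandardScaler(), ["alert_count", "distinct_hosts"]),
    ])
    return Pipeline([("prep", prep), ("clf", model)])


def class_shares(y):
    """Fraction of each grade in a label vector (used to verify the stratified split)."""
    return y.value_counts(normalize=True).to_dict()


def triage_metrics(y_true, y_pred):
    """Accuracy plus the two errors that cost a SOC: escalated noise and missed real incidents."""
    cm = confusion_matrix(y_true, y_pred, labels=GRADES)
    fp_row = cm[GRADES.index("FalsePositive")]   # true grade FalsePositive, by predicted grade
    tp_row = cm[GRADES.index("TruePositive")]    # true grade TruePositive, by predicted grade
    return {
        "accuracy": accuracy_score(y_true, y_pred),
        "fp_escalated": fp_row[GRADES.index("TruePositive")] / fp_row.sum(),
        "tp_missed": tp_row[GRADES.index("FalsePositive")] / tp_row.sum(),
    }


def evaluate_models(seed=0, test_size=0.3):
    """Stratified hold-out evaluation of every model; returns {name: metrics}."""
    df = make_incidents(seed=seed)
    X, y = df.drop(columns="grade"), df["grade"]
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=test_size, stratify=y, random_state=seed)
    results = {}
    for name, model in make_models().items():
        pipe = build_pipeline(model).fit(X_tr, y_tr)
        results[name] = triage_metrics(y_te, pipe.predict(X_te))
    return results


if __name__ == "__main__":
    for name, m in evaluate_models().items():
        print(f"{name:18s} acc={m['accuracy']:.3f} "
              f"fp_escalated={m['fp_escalated']:.3f} tp_missed={m['tp_missed']:.3f}")
```

Because the constructed labels are imbalanced (TruePositive is the minority, as in real triage queues), two models with near-identical accuracy can differ sharply in `fp_escalated` and `tp_missed`; reading those columns, not accuracy alone, is how the "reducing false positives" claim of a triage model should be checked.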