English

Reducing Information Overload: Because Even Security Experts Need to Blink

Cryptography and Security 2025-02-07 v5

Abstract

Computer Emergency Response Teams (CERTs) face increasing challenges processing the growing volume of security-related information. Daily manual analysis of threat reports, security advisories, and vulnerability announcements leads to information overload, contributing to burnout and attrition among security professionals. This work evaluates 196 combinations of clustering algorithms and embedding models across five security-related datasets to identify optimal approaches for automated information consolidation. We demonstrate that clustering can reduce information processing requirements by over 90% while maintaining semantic coherence, with deep clustering achieving homogeneity of 0.88 for security bug report (SBR) and partition-based clustering reaching 0.51 for advisory data. Our solution requires minimal configuration, preserves all data points, and processes new information within five minutes on consumer hardware. The findings suggest that clustering approaches can significantly enhance CERT operational efficiency, potentially saving over 3.750 work hours annually per analyst while maintaining analytical integrity. However, complex threat reports require careful parameter tuning to achieve acceptable performance, indicating areas for future optimization. The code is made available at https://github.com/PEASEC/reducing-information-overload.

Keywords

Cite

@article{arxiv.2210.14067,
  title  = {Reducing Information Overload: Because Even Security Experts Need to Blink},
  author = {Philipp Kuehn and Markus Bayer and Tobias Frey and Moritz Kerk and Christian Reuter},
  journal= {arXiv preprint arXiv:2210.14067},
  year   = {2025}
}

Comments

11 pages, 6 figures

R2 v1 2026-06-28T04:28:20.289Z