Security Tools' API Recommendation Using Machine Learning

Security Operation Center (SOC) teams manually analyze numerous tools' API documentation to find appropriate APIs to define, update and execute incident response plans for responding to security incidents. Manually identifying security tools' APIs is time consuming that can slow down security incident response. To mitigate this manual process's negative effects, automated API recommendation support is desired. The state-of-the-art automated security tool API recommendation uses Deep Learning (DL) model. However, DL models are environmentally unfriendly and prohibitively expensive requiring huge time and resources (denoted as "Red AI"). Hence, "Green AI" considering both efficiency and effectiveness is encouraged. Given SOCs' incident response is hindered by cost, time and resource constraints, we assert that Machine Learning (ML) models are likely to be more suitable for recommending suitable APIs with fewer resources. Hence, we investigate ML model's applicability for effective and efficient security tools' API recommendation. We used 7 real world security tools' API documentation, 5 ML models, 5 feature representations and 19 augmentation techniques. Our Logistic Regression model with word and character level features compared to the state-of-the-art DL-based approach reduces 95.91% CPU core hours, 97.65% model size, 291.50% time and achieves 0.38% better accuracy, which provides cost-cutting opportunities for industrial SOC adoption.