Open Access

ARTICLE

Logic-Aware Security Playbook Generation for SOAR Using Adversarial Representation Learning

Hangyu Hu1, Liangrui Zhang1, Xiaowei Huang1, Xingmiao Yao1,2,*, Youyang Qu3, Xia Wu1, Guangmin Hu1,2
1 School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu, China
2 School of Resources and Environment, University of Electronic Science and Technology of China, Chengdu, China
3 Shandong Computer Science Center, Qilu University of Technology (Shandong Academy of Sciences), Jinan, China
* Corresponding Author: Xingmiao Yao.

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.081752

Received 08 March 2026; Accepted 15 May 2026; Published online 15 June 2026

Abstract

As information technology evolves toward greater intelligence and automation, Security Orchestration, Automation, and Response (SOAR) has become a critical foundation for security incident handling, owing to its intelligent orchestration capabilities. Security playbooks, the core mechanism for automated response in SOAR, require well-designed workflows and precise action matching to ensure efficient and accurate alert handling. However, as attacks grow more sophisticated and the volume of security alerts expands, traditional expert-driven playbook recommendation approaches often degrade in recommendation quality, or fail outright, when the existing playbook repository does not adequately cover unknown or novel alert scenarios. Generative Adversarial Networks (GANs) offer a promising solution: they can capture feature associations from existing playbooks and autonomously generate validated new playbooks tailored to previously unseen alert characteristics. Motivated by this, in this paper we propose a logic-aware, two-stage GAN-based playbook generation method. In the first stage, alert features are projected into a modeled playbook feature space to perform preliminary similarity matching. In the second stage, a hybrid strategy combining similarity-based recommendation with GAN-driven generation produces and refines playbooks while preserving the logical integrity of the workflow. Experimental results demonstrate that the proposed approach not only delivers high-precision playbook recommendations for known alert scenarios but also efficiently generates reliable playbooks for unseen alerts, achieving an average alert handling success rate of 86.55% and thereby meeting response requirements in previously uncovered scenarios.

Keywords

SOAR; security; intelligent recommendation; playbook generation; generative adversarial network