TY  - EJOU
AU  - Hu, Hangyu
AU  - Zhang, Liangrui
AU  - Huang, Xiaowei
AU  - Yao, Xingmiao
AU  - Qu, Youyang
AU  - Wu, Xia
AU  - Hu, Guangmin
TI  - Logic-Aware Security Playbook Generation for SOAR Using Adversarial Representation Learning
T2  - Computers, Materials & Continua
PY  -
VL  -
IS  -
SN  - 1546-2226
AB  - With the evolution of information technology toward more advanced intelligence and automation, Security Orchestration, Automation, and Response (SOAR) has become a critical foundation for security incident handling, owing to its intelligent orchestration capabilities. Security playbooks, as the core mechanism for automated response in SOAR, require well-designed workflows and precise action matching to ensure efficient and accurate alert handling. However, with the rising sophistication of attacks and the expanding scale of security alerts, traditional expert-driven playbook recommendation approaches often degrade in recommendation quality or completely fail when existing playbook repositories cannot adequately cover unknown or novel alert scenarios. A Generative Adversarial Network (GAN) offers a promising solution by capturing feature associations from existing playbooks and autonomously generating validated new playbooks tailored to previously unseen alert characteristics. Motivated by this, we propose a logic-aware, two-stage GAN-based playbook generation method in this paper. In the first stage, alert features are projected into a modeled playbook feature space to perform preliminary similarity matching. In the second stage, a hybrid strategy combining similarity-based recommendation and GAN-driven generation is used to produce and refine playbooks while preserving logical workflow integrity. Experimental results demonstrate that the proposed approach not only delivers high-precision playbook recommendations for known alert scenarios but also efficiently generates reliable playbooks for unseen alerts, achieving an average alert handling success rate of 86.55%, and thereby fulfilling response requirements in previously uncovered scenarios.
KW  - SOAR; security; intelligent recommendation; playbook generation; generative adversarial network
DO  - 10.32604/cmc.2026.081752