Design and Evaluation of an Approach for Feedback-Based Adaptation of Incident Prioritization

2019 2nd International Conference on Data Intelligence and Security (ICDIS) Pub Date : 2019-06-01 DOI:10.1109/ICDIS.2019.00012

Leonard Renners, Felix Heine, Carsten Kleiner, G. Rodosek

{"title":"Design and Evaluation of an Approach for Feedback-Based Adaptation of Incident Prioritization","authors":"Leonard Renners, Felix Heine, Carsten Kleiner, G. Rodosek","doi":"10.1109/ICDIS.2019.00012","DOIUrl":null,"url":null,"abstract":"Network security tools like Security Information and Event Management systems detect and process incidents with respect to the network and environment they occur in. Part of the analysis is used to estimate a priority for the incident to effectively assign the limited workforce on the most important events. This process is referred to as incident prioritization and it is typically based on a set of static rules and calculations. Due to shifting concepts, new network entities, different attacks or changing guidelines, the rules may contain errors, which leads to incorrectly prioritized incidents. An explicit process to even identify those problems is often amiss, let alone assistance to adjust the model. In this paper, we present an approach to adapt an incident prioritization model to correct errors in the rating process. We developed concepts to collect feedback from an analyst and automatically generate and evaluate improvements to the prioritization model. The evaluation of our approach on real and synthetic data in a comparative experiment using further, regular learning algorithms shows promising results.","PeriodicalId":181673,"journal":{"name":"2019 2nd International Conference on Data Intelligence and Security (ICDIS)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 2nd International Conference on Data Intelligence and Security (ICDIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDIS.2019.00012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Network security tools like Security Information and Event Management systems detect and process incidents with respect to the network and environment they occur in. Part of the analysis is used to estimate a priority for the incident to effectively assign the limited workforce on the most important events. This process is referred to as incident prioritization and it is typically based on a set of static rules and calculations. Due to shifting concepts, new network entities, different attacks or changing guidelines, the rules may contain errors, which leads to incorrectly prioritized incidents. An explicit process to even identify those problems is often amiss, let alone assistance to adjust the model. In this paper, we present an approach to adapt an incident prioritization model to correct errors in the rating process. We developed concepts to collect feedback from an analyst and automatically generate and evaluate improvements to the prioritization model. The evaluation of our approach on real and synthetic data in a comparative experiment using further, regular learning algorithms shows promising results.

查看原文本刊更多论文

基于反馈的事件优先级自适应方法的设计与评价

网络安全工具，如安全信息和事件管理系统检测和处理与网络和环境相关的事件。分析的一部分用于估计事件的优先级，以便有效地将有限的劳动力分配到最重要的事件上。这个过程被称为事件优先级排序，它通常基于一组静态规则和计算。由于概念的转变、新的网络实体、不同的攻击方式或方针的改变，规则可能会出现错误，导致事件的优先级不正确。识别这些问题的明确过程往往是错误的，更不用说帮助调整模型了。在本文中，我们提出了一种方法来调整事件优先级模型，以纠正评级过程中的错误。我们开发了一些概念来收集来自分析人员的反馈，并自动生成和评估优先级模型的改进。在使用进一步的常规学习算法的比较实验中，对我们的方法在真实和合成数据上的评估显示出有希望的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 2nd International Conference on Data Intelligence and Security (ICDIS)

自引率

0.00%

发文量