Combat Security Alert Fatigue with AI-Assisted Techniques

Tao Ban, Samuel Ndichu, Takeshi Takahashi, D. Inoue
DOI: 10.1145/3474718.3474723
Published in: Proceedings of the 14th Cyber Security Experimentation and Test Workshop, 2021-08-09
Citations: 18

Abstract

The main challenge for security information and event management (SIEM) is to find critical security incidents among the huge number of false alerts generated by separate security products. To address the alert fatigue problem that is common among security experts operating a SIEM, we propose a new alert screening scheme that leverages artificial intelligence (AI)-assisted tools to distinguish actual threats from false alarms without investigating every alert. The scheme incorporates carefully chosen learning algorithms and newly designed visualization tools to facilitate speedy alert analysis and incident response. It is evaluated on an alert dataset collected in the security operations center of an enterprise. With a reported recall rate of 99.598% for highly critical alerts and a false positive rate of 0.001%, the proposed scheme demonstrates very promising potential for real-world security operations. We believe the proposed scheme is effective in addressing the alert fatigue problem and therefore paves the way for a consolidated security solution for network security at the enterprise level.