Leonard Renners, Felix Heine, Carsten Kleiner, G. Rodosek
DOI: 10.1109/ICDIS.2019.00012 (https://doi.org/10.1109/ICDIS.2019.00012)
Venue: 2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Publication date: 2019-06-01
Citation count: 3 (Semantic Scholar)
Open access: no
Design and Evaluation of an Approach for Feedback-Based Adaptation of Incident Prioritization
Network security tools like Security Information and Event Management systems detect and process incidents with respect to the network and environment they occur in. Part of the analysis is used to estimate a priority for the incident so that the limited workforce can be assigned effectively to the most important events. This process is referred to as incident prioritization, and it is typically based on a set of static rules and calculations. Due to shifting concepts, new network entities, different attacks or changing guidelines, the rules may contain errors, which leads to incorrectly prioritized incidents. An explicit process to even identify those problems is often missing, let alone assistance to adjust the model. In this paper, we present an approach to adapt an incident prioritization model to correct errors in the rating process. We developed concepts to collect feedback from an analyst and to automatically generate and evaluate improvements to the prioritization model. The evaluation of our approach on real and synthetic data, in a comparative experiment against additional standard learning algorithms, shows promising results.