Combat Security Alert Fatigue with AI-Assisted Techniques
Tao Ban, Samuel Ndichu, Takeshi Takahashi, D. Inoue
Proceedings of the 14th Cyber Security Experimentation and Test Workshop, published 2021-08-09
DOI: 10.1145/3474718.3474723 (https://doi.org/10.1145/3474718.3474723)
The main challenge for security information and event management (SIEM) is to find critical security incidents among a huge number of false alerts generated from separate security products. To address the alert fatigue problem that is common for security experts operating the SIEM, we propose a new alert screening scheme that leverages artificial intelligence (AI)-assisted tools to distinguish actual threats from false alarms without investigating every alert. The proposed scheme incorporates carefully chosen learning algorithms and newly designed visualization tools to facilitate speedy alert analysis and incident response. The proposed scheme is evaluated on an alert dataset collected in the security operation center of an enterprise. With a recall rate of 99.598% for highly critical alerts and a false positive rate of 0.001% reported, the proposed scheme demonstrated very promising potential for real world security operations. We believe the proposed scheme is effective in addressing the alert fatigue problem, and therefore paves the way for a consolidated security solution for network security at the enterprise level.
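The two numbers the abstract reports, recall on highly critical alerts and false positive rate, only mean something in the context of an alert screening step that escalates an alert when its score crosses a threshold. The following is an added illustration, not code from the paper or from its authors, of how those metrics are computed for such a screener and how to pick the threshold for a recall target. The alerts, the analyst ground-truth labels, and the frequency-damped severity score are all constructed for the example; the paper's learning algorithms and dataset are not reproduced here. The workload helper takes the abstract's figures (99.598% recall, 0.001% FPR, i.e. 1e-5 as a fraction) together with assumed alert volumes to show what they imply for an analyst queue.

```python
import math
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Alert:
    signature: str
    src_ip: str
    severity: int        # vendor severity, 1 (info) .. 5 (critical)
    hits_24h: int        # how often this signature fired in the last 24 hours
    is_incident: bool    # analyst ground truth: was this a real incident?


# Constructed sample alerts with constructed ground-truth labels
# (these are not from the paper's SOC dataset).
SAMPLE_ALERTS: List[Alert] = [
    Alert("ET SCAN nmap", "10.0.0.5", 2, 400, False),
    Alert("Malware C2 beacon", "10.0.0.12", 5, 2, True),
    Alert("Policy violation: telnet", "10.0.0.7", 3, 50, False),
    Alert("Credential dumping detected", "10.0.0.9", 5, 1, True),
    Alert("Suspicious PowerShell", "10.0.0.9", 4, 30, True),
    Alert("HTTP 404 burst", "10.0.0.3", 1, 1000, False),
    Alert("AV signature update failed", "10.0.0.20", 2, 3, False),
    Alert("Brute force SSH", "10.0.0.15", 4, 120, False),
]


def score(alert: Alert) -> float:
    """Hypothetical screening score (an assumption for this example, not the
    paper's model): severity discounted by how noisy the signature is, so a
    signature that fires hundreds of times a day is pushed down the queue."""
    return alert.severity / math.log2(2 + alert.hits_24h)


def screen(alerts: List[Alert], threshold: float) -> List[Alert]:
    """Escalate every alert whose score reaches the threshold."""
    return [a for a in alerts if score(a) >= threshold]


def evaluate(alerts: List[Alert], threshold: float) -> Dict[str, float]:
    """Confusion matrix plus recall and false positive rate for one threshold.
    Recall is measured on the incidents (the critical alerts an analyst must
    not miss); FPR is the share of benign alerts that still get escalated."""
    tp = fp = fn = tn = 0
    for a in alerts:
        escalated = score(a) >= threshold
        if a.is_incident and escalated:
            tp += 1
        elif a.is_incident:
            fn += 1
        elif escalated:
            fp += 1
        else:
            tn += 1
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "recall": recall, "fpr": fpr}


def threshold_for_recall(alerts: List[Alert], target_recall: float) -> float:
    """Highest threshold that still reaches the recall target on the labelled
    incidents. Only incident scores are candidate thresholds: lowering the
    threshold below the k-th highest incident score changes nothing but FPR."""
    incident_scores = sorted((score(a) for a in alerts if a.is_incident), reverse=True)
    n = len(incident_scores)
    for k, s in enumerate(incident_scores, start=1):
        if k / n >= target_recall:
            return s
    return incident_scores[-1]


def expected_workload(recall: float, fpr: float,
                      total_alerts: int, true_incidents: int) -> Dict[str, float]:
    """Translate recall/FPR into queue numbers for an assumed alert volume:
    how many benign alerts still reach an analyst and how many incidents
    slip past the screener."""
    benign = total_alerts - true_incidents
    return {
        "false_escalations": fpr * benign,
        "missed_incidents": (1.0 - recall) * true_incidents,
    }


if __name__ == "__main__":
    for t in (0.7, 1.0):
        print(t, evaluate(SAMPLE_ALERTS, t))
    print("threshold for full recall:", threshold_for_recall(SAMPLE_ALERTS, 1.0))
    # Abstract's figures with an assumed volume of 1M alerts, 500 real incidents
    print(expected_workload(0.99598, 0.00001, 1_000_000, 500))
```

On the constructed alerts, threshold 0.7 catches all three incidents with one false escalation, while threshold 1.0 drops the false escalation but misses the noisy "Suspicious PowerShell" incident; that is the trade-off behind the abstract's pairing of a recall figure with an FPR figure. The workload helper makes the base-rate point explicit: at the reported rates, a million-alert day with 500 real incidents (assumed numbers) would put about ten benign alerts in front of an analyst and let about two incidents through, so the 0.4% recall gap, not the FPR, is the figure to watch when the alerts in question are highly critical.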