Name
Title | ||
|---|---|---|
Exploiting Time and Subject Locality for Fast, Efficient, and Understandable Alert Triage |
Abstract | ||
|---|---|---|
In many organizations, intrusion detection and other related systems are tuned to generate security alerts, which are then manually inspected by cyber-security analysts. These analysts often devote a large portion of time to inspecting these alerts, most of which are innocuous. Thus, it would be greatly beneficial to reduce the number of innocuous alerts, allowing analysts to utilize their time and skills for other aspects of cyber defense. In this work, we devise several simple, fast, and easily understood models to cut back this manual inspection workload, while maintaining high true positive and true negative rates. We demonstrate their effectiveness on real data, and discuss their potential utility in application by others. |
Year | DOI | Venue |
|---|---|---|
2018 | 10.1109/ICCNC.2018.8390341 | 2018 International Conference on Computing, Networking and Communications (ICNC) |
Keywords | Field | DocType |
security alerts,cyber-security analysts,innocuous alerts,cyber defense,true negative rates,subject locality,intrusion detection,true positive rates,time locality,alert triage | Locality,Task analysis,Workload,Computer security,Computer science,Cyber defense,Triage,Intrusion detection system,True negative | Conference |
ISSN | ISBN | Citations |
2325-2626 | 978-1-5386-3653-4 | 0 |
PageRank | References | Authors |
0.34 | 5 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| David Kavaler | 1 | 25 | 2.84 |
| Corey Hudson | 2 | 0 | 0.34 |
| Bierma, M. | 3 | 0 | 0.68 |