Title
Design and Evaluation of an Approach for Feedback-Based Adaptation of Incident Prioritization
Abstract
Network security tools like Security Information and Event Management systems detect and process incidents with respect to the network and environment they occur in. Part of the analysis is used to estimate a priority for the incident to effectively assign the limited workforce on the most important events. This process is referred to as incident prioritization and it is typically based on a set of static rules and calculations. Due to shifting concepts, new network entities, different attacks or changing guidelines, the rules may contain errors, which leads to incorrectly prioritized incidents. An explicit process to even identify those problems is often amiss, let alone assistance to adjust the model. In this paper, we present an approach to adapt an incident prioritization model to correct errors in the rating process. We developed concepts to collect feedback from an analyst and automatically generate and evaluate improvements to the prioritization model. The evaluation of our approach on real and synthetic data in a comparative experiment using further, regular learning algorithms shows promising results.
Year
2019
DOI
10.1109/ICDIS.2019.00012
Venue
2019 2nd International Conference on Data Intelligence and Security (ICDIS)
Keywords
incident prioritization, network security, cyber security, adaptive learning
Field
Workforce, Computer science, Network security, Prioritization, Risk analysis (engineering), Synthetic data, Security information and event management, Adaptive learning
DocType
Conference
ISBN
978-1-7281-2081-2
Citations
1
PageRank
0.39
References
3
Authors
4
Name
Order
Citations
PageRank
Leonard Renners110.39
Felix Heine210.39
Carsten Kleiner37321.21
Gabi Dreo Rodosek413444.97