AI-Assisted Security Alert Data Analysis with Imbalanced Learning Methods-Reference-Cited by-同舟云学术

AI-Assisted Security Alert Data Analysis with Imbalanced Learning Methods

Published:2023-02-03 Issue:3 Volume:13 Page:1977
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Ndichu Samuel¹^ORCID,Ban Tao¹^ORCID,Takahashi Takeshi¹^ORCID,Inoue Daisuke¹^ORCID

Affiliation:

1. Cybersecurity Research Institute, National Institute of Information and Communications Technology, Tokyo 184-8795, Japan

Abstract

Intrusion analysis is essential for cybersecurity, but oftentimes, the overwhelming number of false alerts issued by security appliances can prove to be a considerable hurdle. Machine learning algorithms can automate a task known as security alert data analysis to facilitate faster alert triage and incident response. This paper presents a bidirectional approach to address severe class imbalance in security alert data analysis. The proposed method utilizes an ensemble of three oversampling techniques to generate an augmented set of high-quality synthetic positive samples and employs a data subsampling algorithm to identify and remove noisy negative samples. Experimental results using an enterprise and a benchmark dataset confirm that this approach yields significantly improved recall and false positive rates compared with conventional oversampling techniques, suggesting its potential for more effective and efficient AI-assisted security operations.

Funder

Ministry of Internal Affairs and Communications

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/3/1977/pdf

Reference73 articles.

1. Botnet Attack Detection by Using CNN-LSTM Model for Internet of Things Applications;Alkahtani;Secur. Commun. Netw.,2021

2. Intrusion Detection System to Advance Internet of Things Infrastructure-Based Deep Learning Algorithms;Alkahtani;Complexity,2021

3. Zomlot, L., Sundaramurthy, S.C., Luo, K., Ou, X., and Rajagopalan, S.R. (2011, January 21). Prioritizing Intrusion Analysis Using Dempster-Shafer Theory. Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec ’11), Chicago, IL, USA.

4. The base-rate fallacy and the difficulty of intrusion detection;Axelsson;ACM Trans. Inf. Syst. Secur.,2000

5. Zhang, K., Luo, S., Xin, Y., Zhu, H., and Chen, Y. (2020). Online Mining Intrusion Patterns from IDS Alerts. Appl. Sci., 10.

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center;Digital Threats: Research and Practice;2024-06-20

2. Artificial Intelligence and Machine Learning in Healthcare;Advances in Bioinformatics and Biomedical Engineering;2024-04-26

3. Enhanced pelican optimization algorithm with ensemble-based anomaly detection in industrial internet of things environment;Cluster Computing;2024-03-02

4. Machine Learning–Based Security Alert Screening with Focal Loss;2023 IEEE International Conference on Big Data (BigData);2023-12-15

5. The impact of artificial intelligence on organisational cyber security: An outcome of a systematic literature review;Data and Information Management;2023-12