Authors
Tao Ban, Ndichu Samuel, Takeshi Takahashi, Daisuke Inoue
Publication date
2021/8/9
Book
Proceedings of the 14th Cyber Security Experimentation and Test Workshop
Pages
9-16
Description
The main challenge for security information and event management (SIEM) is to find critical security incidents among a huge number of false alerts generated from separate security products. To address the alert fatigue problem that is common for security experts operating the SIEM, we propose a new alert screening scheme that leverages artificial intelligence (AI)-assisted tools to distinguish actual threats from false alarms without investigating every alert. The proposed scheme incorporates carefully chosen learning algorithms and newly designed visualization tools to facilitate speedy alert analysis and incident response. The proposed scheme is evaluated on an alert dataset collected in the security operation center of an enterprise. With a recall rate of 99.598% for highly critical alerts and a false positive rate of 0.001% reported, the proposed scheme demonstrated very promising potential for real world security …