Ban et al., 2021 - Google Patents
Combat security alert fatigue with AI-assisted techniques (Ban et al., 2021)
- Document ID: 4361895765879332617
- Authors: Ban T, Samuel N, Takahashi T, Inoue D
- Publication year: 2021
- Publication venue: Proceedings of the 14th Cyber Security Experimentation and Test Workshop
Snippet
The main challenge for security information and event management (SIEM) is to find critical security incidents among a huge number of false alerts generated from separate security products. To address the alert fatigue problem that is common for security experts operating …
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computer systems utilising knowledge based models
- G06N5/02—Knowledge representation
- G06N5/022—Knowledge engineering, knowledge acquisition
Similar Documents
Publication | Title
---|---
Ban et al. | Combat security alert fatigue with AI-assisted techniques
Awotunde et al. | Intrusion detection in industrial internet of things network-based on deep learning model with rule-based feature selection
Kumar et al. | Research trends in network-based intrusion detection systems: A review
Bridges et al. | A survey of intrusion detection systems leveraging host data
Aminanto et al. | Threat alert prioritization using isolation forest and stacked auto encoder with day-forward-chaining analysis
Zoppi et al. | Unsupervised algorithms to detect zero-day attacks: Strategy and application
Jethva et al. | Multilayer ransomware detection using grouped registry key operations, file entropy and file signature monitoring
US8707431B2 (en) | Insider threat detection
Stroeh et al. | An approach to the correlation of security events based on machine learning techniques
Laurenza et al. | Malware triage for early identification of advanced persistent threat activities
Sharon et al. | An intelligent intrusion detection system using hybrid deep learning approaches in cloud environment
Abirami et al. | Building an ensemble learning based algorithm for improving intrusion detection system
US20240275817A1 (en) | Using categorization tags for rule generation and update in a rules-based security system
Racherache et al. | CPID: Insider threat detection using profiling and cyber-persona identification
Alsaidi et al. | Ransomware detection using machine and deep learning approaches
Uddin et al. | usfAD based effective unknown attack detection focused IDS framework
J. Alyamani | RETRACTED: Cyber security for federated learning environment using AI technique
Chen et al. | Predicting cyber threats with virtual security products
Sallay et al. | Intrusion detection alert management for high-speed networks: current researches and applications
Ye et al. | Detect advanced persistent threat in graph-level using competitive autoencoder
Chen et al. | Analyzing system log based on machine learning model
Oueslati et al. | A survey on intrusion detection systems for IoT networks based on long short-term memory
Al-Sharif et al. | Enhancing cloud security: A study on ensemble learning-based intrusion detection systems
Monakhov et al. | A Machine-Synesthetic Approach To DDoS Network Attack Detection
Badde et al. | Cyber attack detection framework for cloud computing