PCAM: A Data-driven Probabilistic Cyber-alert Management Framework

Chen, Haipeng; Duncklee, Andrew; Jajodia, Sushil; Li, Rui; McNamara, Sean; Subrahmanian, V. S.

doi:10.1145/3511101

ACM Trans. Internet Technol.

2022

DOI: 10.1145/3511101

|View full text |Cite

PCAM: A Data-driven Probabilistic Cyber-alert Management Framework

Haipeng Chen

Andrew Duncklee

Sushil Jajodia

et al.

Abstract: We propose PCAM , a Probabilistic Cyber-Alert Management framework, that enables chief information security officers to better manage cyber-alerts. Workers in Cyber Security Operation Centers usually work in 8- or 12-hour shifts. Before a shift, PCAM analyzes data about all past alerts and true alerts during the shift time-frame to schedule a given set of analysts in accordance with workplace constraints so that the expected number of “uncovered” true alerts (i.e… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2022

2024

Publication Types

Select...

Article3

Relationship

Self Cite0

Independent3

Authors

Journals

Cited by 3 publications

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center

Ghadermazi,

Shah,

Jajodia

2024

Digital Threats

View full text Add to dashboard Cite

Cybersecurity operations centers (CSOCs) protect organizations by monitoring network traffic and detecting suspicious activities in the form of alerts. The security response team within CSOCs is responsible for investigating and mitigating alerts. However, an imbalance between alert volume and available analysts creates a backlog, putting the network at risk of exploitation. Recent research has focused on improving the alert management process by triaging alerts, optimizing analyst scheduling, and reducing analyst workload through systematic discarding of alerts. However, these works overlook the delays caused in alert investigations by several factors, including: (i) False or benign alerts contributing to the backlog. (ii) Analysts experiencing cognitive burden from repeatedly reviewing unrelated alerts. (iii) Analysts being assigned to alerts that do not match well with their expertise. We propose a novel framework that considers these factors and utilizes machine learning and mathematical optimization methods to dynamically improve throughput during work shifts. The framework achieves efficiency by automating the identification and removal of a portion of benign alerts, forming clusters of similar alerts, and assigning analysts to alerts with matching attributes. Experiments conducted using real-world CSOC data demonstrate a 60.16% reduction in the alert backlog for an 8-hour work shift compared to currently employed approach.

show abstract

A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center

Ghadermazi,

Shah,

Jajodia

2024

Digital Threats

View full text Add to dashboard Cite

show abstract

Applied Machine Learning for Information Security

Samtani,

Raff,

Anderson

2024

Digital Threats

View full text Add to dashboard Cite

Information security has undoubtedly become a critical aspect of modern cybersecurity practices. Over the last half-decade, numerous academic and industry groups have sought to develop machine learning, deep learning, and other areas of artificial intelligence-enabled analytics into information security practices. The Conference on Applied Machine Learning (CAMLIS) is an emerging venue that seeks to gather researchers and practitioners to discuss applied and fundamental research on machine learning for information security applications. In 2021, CAMLIS partnered with ACM Digital Threats: Research and Practice (DTRAP) to provide opportunities for authors of accepted CAMLIS papers to submit their research for consideration into ACM DTRAP via a Special Issue on Applied Machine Learning for Information Security. This editorial summarizes the results of this Special Issue.

show abstract

Intelligent Adaptive Optimisation Method for Enhancement of Information Security in IoT-Enabled Environments

et al. 2022

View full text Add to dashboard Cite

The usage of the Internet increased dramatically during the start of the twenty-first century, entangling the system with a variety of services, including social media and e-commerce. These systems begin producing a large volume of data that has to be secured and safeguarded from unauthorised users and devices. In order to safeguard the information of the cyber world, this research suggests an expanded form of differential evolution (DE) employing an intelligent mutation operator with an optimisation-based design. It combines a novel mutation technique with DE to increase the diversity of potential solutions. The new intelligent mutation operator improves the security, privacy, integrity, and authenticity of the information system by identifying harmful requests and responses and helping to defend the system against assault. When implemented on an e-commerce application, the performance of the suggested technique is assessed in terms of confidentiality, integrity, authentication, and availability. The experimental findings show that the suggested strategy outperforms the most recent evolutionary algorithm (EA).

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

PCAM: A Data-driven Probabilistic Cyber-alert Management Framework

Cited by 3 publications

References 18 publications

A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center

A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center

Applied Machine Learning for Information Security

Intelligent Adaptive Optimisation Method for Enhancement of Information Security in IoT-Enabled Environments

Contact Info

Product

Resources

About