Alert Triage v 0.1 beta
- Sandia National Laboratories
In the cyber security operations of a typical organization, data from multiple sources are monitored, and when certain conditions in the data are met, an alert is generated in an alert management system. Analysts inspect these alerts to decide which, if any, deserve promotion to an event requiring further scrutiny. This triage process is manual and time-consuming, and it detracts from the in-depth investigation of events. We have created a software system that uses supervised machine learning to automatically prioritize these alerts. In particular, we utilize active learning to make efficient use of the pool of unlabeled alerts, thereby improving the performance of our ranking models over passive learning. We have demonstrated the effectiveness of our system on a large, real-world dataset of cyber security alerts.
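The abstract describes pool-based active learning for a supervised alert-ranking model. The following is an added illustration and is not code from the Sandia Alert Triage software: it fits a small logistic-regression ranker to constructed alert feature vectors, uses uncertainty sampling to pick which unlabeled alert the analyst should label next, and compares the result with passive (random-order) labeling under the same labeling budget. The feature layout, the `analyst_oracle` labeling rule standing in for the analyst, and every function name are assumptions made for the example.

```python
"""Pool-based active learning for alert ranking.

Added illustration, not the Sandia Alert Triage code. Alert features, the
analyst_oracle rule and every name below are assumptions for the example.
Pure Python so it runs without dependencies.
"""
import math
import random


def make_alert_pool(n, seed=0):
    """Constructed alerts: id plus features
    [severity, source badness, repeat-count, off-hours flag], each in [0, 1]."""
    rng = random.Random(seed)
    pool = []
    for i in range(n):
        feats = [rng.random(), rng.random(), rng.random(), float(rng.random() < 0.3)]
        pool.append((f"alert-{i:03d}", feats))
    return pool


def analyst_oracle(feats):
    """Stand-in for the analyst: constructed rule for 'promote to event' (1) vs dismiss (0)."""
    sev, bad, cnt, off = feats
    return 1 if 2.0 * sev + 2.0 * bad + 1.0 * cnt + 0.8 * off - 2.6 > 0 else 0


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(samples, epochs=300, lr=0.5):
    """Logistic-regression ranker fitted by batch gradient descent on (features, label) pairs."""
    dim = len(samples[0][0])
    w, b = [0.0] * dim, 0.0
    n = len(samples)
    for _ in range(epochs):
        gw, gb = [0.0] * dim, 0.0
        for x, y in samples:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for j in range(dim):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict_proba(model, x):
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def most_uncertain(model, pool, unlabeled):
    """Uncertainty sampling: the unlabeled alert whose score is closest to the 0.5 boundary."""
    return min(unlabeled, key=lambda i: abs(predict_proba(model, pool[i][1]) - 0.5))


def run_triage(pool, budget, strategy="active", seed_size=4, rng_seed=1):
    """Label seed_size alerts at random, then spend `budget` analyst labels either
    actively (uncertainty sampling) or passively (random order); return the ranker."""
    rng = random.Random(rng_seed)
    unlabeled = list(range(len(pool)))
    rng.shuffle(unlabeled)
    labeled = []
    for _ in range(seed_size):
        i = unlabeled.pop()
        labeled.append((pool[i][1], analyst_oracle(pool[i][1])))
    model = train_logreg(labeled)
    for _ in range(budget):
        if strategy == "active":
            i = most_uncertain(model, pool, unlabeled)
            unlabeled.remove(i)
        else:
            i = unlabeled.pop()
        labeled.append((pool[i][1], analyst_oracle(pool[i][1])))  # analyst answers the query
        model = train_logreg(labeled)
    return model, labeled


def rank_alerts(model, pool):
    """Prioritised queue: alerts sorted by predicted probability of promotion, highest first."""
    return sorted(((aid, predict_proba(model, x)) for aid, x in pool), key=lambda t: -t[1])


def accuracy(model, pool):
    """Agreement between the ranker's 0.5 threshold and the oracle over the whole pool."""
    hits = sum((predict_proba(model, x) >= 0.5) == bool(analyst_oracle(x)) for _, x in pool)
    return hits / len(pool)


if __name__ == "__main__":
    pool = make_alert_pool(80)
    for strategy in ("active", "passive"):
        model, _ = run_triage(pool, budget=20, strategy=strategy)
        print(f"{strategy:8s} labels=24 accuracy={accuracy(model, pool):.2f}")
    model, _ = run_triage(pool, budget=20)
    for aid, p in rank_alerts(model, pool)[:5]:
        print(aid, f"{p:.2f}")
```

The point of the loop is where the analyst's limited labeling effort goes: passive learning spends it on alerts drawn at random, while uncertainty sampling spends it on the alerts the current ranker is least sure about, which is where a label changes the decision boundary most. On a real queue the oracle is the analyst's promote/dismiss decision, and the ranked output is what the analyst works from top down.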
- Short Name / Acronym:
- Alert Triage; 004626MLTPL00
- Site Accession Number:
- SCR #1637
- Version:
- 00
- Programming Language(s):
- Medium: X; OS: Python
- Research Organization:
- Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 1312888
- Country of Origin:
- United States
Similar Records
Situational Awareness of Network System Roles (SANSR)
MapReduceXMT v. Beta 0.1