OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Alert Triage v 0.1 beta

Software
OSTI ID:1312888

In the cyber security operations of a typical organization, data from multiple sources are monitored, and when certain conditions in the data are met, an alert is generated in an alert management system. Analysts inspect these alerts to decide whether any deserve promotion to an event requiring further scrutiny. This triage process is manual and time-consuming, and it detracts from the in-depth investigation of events. We have created a software system that uses supervised machine learning to automatically prioritize these alerts. In particular, we use active learning to make efficient use of the pool of unlabeled alerts: instead of labeling alerts at random, the system asks analysts to label the alerts that are most informative for the current model, which improves the performance of our ranking models relative to passive learning for the same labeling effort. We have demonstrated the effectiveness of our system on a large, real-world dataset of cyber security alerts.
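The abstract describes an active-learning loop over a pool of unlabeled alerts but does not say which model or query criterion Alert Triage uses. The following is an added illustration, not code from the Sandia project: it uses a plain logistic-regression ranker and uncertainty sampling (query the alerts whose predicted escalation probability is closest to 0.5) as the active-learning criterion, and compares it to passive (random) labeling on a constructed alert pool. The feature set, the hidden escalation rule that stands in for the analyst's judgement, and the sample sizes are all assumptions made for the example.

```python
"""Active vs. passive labeling for alert ranking on a constructed alert pool.

Added example; not the Alert Triage project's own code. The features, the
hidden labeling rule and all constants below are assumptions for illustration.
"""
import math
import random

FEATURES = ("severity", "host_count", "off_hours", "known_bad_indicator")


def make_alert_pool(n, seed=7):
    """Constructed sample alerts (not real data): list of (feature_vector, label)."""
    rng = random.Random(seed)
    pool = []
    for _ in range(n):
        x = [rng.uniform(0, 1),            # normalised severity
             rng.uniform(0, 1),            # normalised number of affected hosts
             float(rng.random() < 0.3),    # fired outside business hours
             float(rng.random() < 0.2)]    # matched a known-bad indicator
        # Hidden, deterministic escalation rule standing in for the analyst's decision.
        score = 2.5 * x[0] + 1.5 * x[1] + 0.8 * x[2] + 2.0 * x[3] - 2.6
        pool.append((x, 1 if score > 0 else 0))
    return pool


def sigmoid(z):
    z = max(-500.0, min(500.0, z))        # guard math.exp against overflow
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(samples, epochs=300, lr=0.5):
    """Batch gradient-descent logistic regression; returns (weights, bias)."""
    d = len(FEATURES)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in samples:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(d):
                gw[i] += err * x[i]
            gb += err
        n = len(samples)
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict_proba(model, x):
    """P(alert should be escalated) under the ranking model."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def query_most_uncertain(model, unlabeled, k):
    """Uncertainty sampling: indices of the k alerts whose P(escalate) is nearest 0.5."""
    ranked = sorted(range(len(unlabeled)),
                    key=lambda i: abs(predict_proba(model, unlabeled[i][0]) - 0.5))
    return ranked[:k]


def auc(labels, scores):
    """Area under the ROC curve: P(a positive outranks a negative), ties count half."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    if not pos or not neg:
        return float("nan")
    wins = sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in pos for q in neg)
    return wins / (len(pos) * len(neg))


def run_triage(strategy, pool, test, seed_size=6, rounds=8, batch=4, seed=1):
    """Label `batch` alerts per round (actively or at random); return (test AUC, labels used)."""
    rng = random.Random(seed)
    unlabeled = list(pool)
    rng.shuffle(unlabeled)
    labeled = [unlabeled.pop() for _ in range(seed_size)]   # analyst labels a small seed set
    model = train_logreg(labeled)
    for _ in range(rounds):
        if strategy == "active":
            picks = query_most_uncertain(model, unlabeled, batch)
        else:
            picks = rng.sample(range(len(unlabeled)), batch)
        for i in sorted(picks, reverse=True):             # pop high indices first
            labeled.append(unlabeled.pop(i))               # oracle reveals the analyst's label
        model = train_logreg(labeled)
    scores = [predict_proba(model, x) for x, _ in test]
    return auc([y for _, y in test], scores), len(labeled)


if __name__ == "__main__":
    pool = make_alert_pool(300, seed=7)
    test = make_alert_pool(200, seed=11)
    for strat in ("passive", "active"):
        score, n_labels = run_triage(strat, pool, test)
        print(f"{strat}: {n_labels} labels, held-out AUC = {score:.3f}")
```

Both strategies spend the same analyst budget (the seed set plus rounds × batch labels); the only difference is which alerts the analyst is asked about. Ranking quality is measured with AUC on a held-out pool because triage is a ranking problem: what matters is that escalation-worthy alerts sort above the rest.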

Short Name / Acronym:
Alert Triage; 004626MLTPL00
Site Accession Number:
SCR #1637
Version:
00
Programming Language(s):
Medium: X; OS: Python
Research Organization:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC04-94AL85000
OSTI ID:
1312888
Country of Origin:
United States
