Alert Triage

Alert triage aims to efficiently prioritize and filter security alerts or warnings, reducing the overwhelming "alert fatigue" faced by analysts and improving response times. Current research focuses on developing machine learning models, including statistical learning and reinforcement learning, to automate this process, often leveraging techniques like large-scale clustering and transfer learning to identify patterns and prioritize truly critical events. These advancements are crucial for improving cybersecurity defenses and optimizing public health responses to events like extreme heat, enabling more effective resource allocation and potentially saving lives and reducing financial losses.

Papers

May 7, 2024

Carbon Filter: Real-time Alert Triage Using Large Scale Clustering and Fast Search
Jonathan Oliver, Raghav Batta, Adam Bates, Muhammad Adil Inam, Shelly Mehta, Shugao Xia
Search Query Max Filter Alert System False Alarm Endpoint Detection Alert Triage

December 21, 2023

Optimizing Heat Alert Issuance with Reinforcement Learning
Ellen M. Considine, Rachel C. Nethery, Gregory A. Wellenius, Francesca Dominici, Mauricio Tec
Reinforcement Learning Reinforcement Learning Policy Societal Adaptation Alert Triage

December 28, 2022

HeATed Alert Triage (HeAT): Transferrable Learning to Extract Multistage Attack Campaigns
Stephen Moskal, Shanchieh Jay Yang
Cyber Attack Penetration Testing Novel Attack Attack Pattern Model Transfer Alert Triage

Alert Triage

Papers

Carbon Filter: Real-time Alert Triage Using Large Scale Clustering and Fast Search

Optimizing Heat Alert Issuance with Reinforcement Learning

HeATed Alert Triage (HeAT): Transferrable Learning to Extract Multistage Attack Campaigns