Alert Prioritisation in Security Operations Centres: A Systematic Survey on Criteria and Methods
F Jalalvand, M Baruwal Chhetri, S Nepal… - ACM Computing …, 2024 - dl.acm.org
Security Operations Centres (SOCs) are specialised facilities where security analysts
leverage advanced technologies to monitor, detect and respond to cyber incidents …
Data-driven decision support for optimizing cyber forensic investigations
Cyber attacks consisting of several attack actions can present a considerable challenge to
forensic investigations. Consider the case where a cybersecurity breach is suspected …
Predicting next-day discharge via electronic health record access logs
Objective Hospital capacity management depends on accurate real-time estimates of
hospital-wide discharges. Estimation by a clinician requires an excessively large amount of …
Off-policy actor-critic deep reinforcement learning methods for alert prioritization in intrusion detection systems
Alert prioritization plays a very important role in network security as it helps security teams
manage and respond to the overwhelming volume of alerts generated by intrusion detection …
Finding needles in a moving haystack: Prioritizing alerts with adversarial reinforcement learning
Detection of malicious behavior is a fundamental problem in security. One of the major
challenges in using detection systems in practice is in dealing with an overwhelming …
Principled data-driven decision support for cyber-forensic investigations
In the wake of a cybersecurity incident, it is crucial to promptly discover how the threat actors
breached security in order to assess the impact of the incident and to develop and deploy …
SAC-AP: Soft actor critic based deep reinforcement learning for alert prioritization
Intrusion detection systems (IDS) generate a large number of false alerts which makes it
difficult to inspect true positives. Hence, alert prioritization plays a crucial role in deciding …
Dynamic threshold strategy optimization for security protection in Internet of Things: An adversarial deep learning‐based game‐theoretical approach
As mobile communications, the Internet, databases, distributed computing, and other
technologies continue to develop, the Internet of Things (IoT) has emerged as prevalent …
To warn or not to warn: online signaling in audit games
Routine operational use of sensitive data is often governed by law and regulation. For
instance, in the medical domain, there are various statutes at the state and federal level that …
PanDa Game: Optimized Privacy-Preserving Publishing of Individual-Level Pandemic Data Based on a Game Theoretic Model
Sharing individual-level pandemic data is essential for accelerating the understanding of a
disease. For example, COVID-19 data have been widely collected to support public health …