Navegando por Autor "Simião, Augusto Fernando de Melo"
Agora exibindo 1 - 1 de 1
- Resultados por Página
- Opções de Ordenação
Item Análise da utilização de aprendizado de máquina na redução do volume de alertas benignos(2019) Simião, Augusto Fernando de Melo; Soares, Rodrigo Gabriel Ferreira; http://lattes.cnpq.br/2526739219416964; http://lattes.cnpq.br/0529129636604731To aid in combating cyber attacks, Managed Security Services Providers (MSSPs) use SIEMs (Security Information and Event Management). SIEMs are able to aggregate, process and correlate vast amounts of events from different systems, alerting security analysts of the existence of threats, such as computer viruses and cyber attacks, in computer networks. However, SIEMs are known for the high rates of benign alertas (non-threatening alerts) warnings relative to malign alerts (threatening alerts). Due to the high volumes and prevalence of benign alertas, the analyst ignores alerts as a whole, which includes those that represent potential threats, thereby increasing the risk of a network compromise. This phenomenon is known as alert fatigue and has been a frequent target of applying machine learning techniques to reduce the volume of benign alerts. Modern SIEMs use machine learning, in correlation of events, so that only alerts that actually represent possible threats are reported. However, this correlation does not consider the analyst’s deliberation, thus allowing SIEMs to continue to generate alerts previously identified as benign. This paper investigates the use of the algorithms Naïve Bayesian Learning, Decision Tree and Random Forest, to reduce the volume of benign alerts using alerts previously identified by analysts, rather than the chain of events that generate such alerts. In this way, it was possible to show, through experiments, that supervised machine learning techniques can be applied in the identification of alerts previously identified as benign.