NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage (paper)
2019 · Cited by 303
Topics: Network Security and Intrusion Detection; Advanced Malware Detection Techniques; Anomaly Detection Techniques and Applications
Abstract
Large enterprises are increasingly relying on threat detection software (e.g., Intrusion Detection Systems) to spot suspicious activities. This software generates alerts that must be investigated by cyber analysts to determine whether they are true attacks. Unfortunately, in practice, there are more alerts than cyber analysts can properly investigate. This leads to a "threat alert fatigue" or information overload problem, in which cyber analysts miss true attack alerts in the noise of false alarms.