Applied Sciences (Feb 2023)

AI-Assisted Security Alert Data Analysis with Imbalanced Learning Methods

  • Samuel Ndichu,
  • Tao Ban,
  • Takeshi Takahashi,
  • Daisuke Inoue

DOI
https://doi.org/10.3390/app13031977
Journal volume & issue
Vol. 13, no. 3
p. 1977

Abstract

Intrusion analysis is essential for cybersecurity, but the overwhelming number of false alerts issued by security appliances can often prove a considerable hurdle. Machine learning algorithms can automate a task known as security alert data analysis to facilitate faster alert triage and incident response. This paper presents a bidirectional approach to address severe class imbalance in security alert data analysis. The proposed method utilizes an ensemble of three oversampling techniques to generate an augmented set of high-quality synthetic positive samples, and employs a data subsampling algorithm to identify and remove noisy negative samples. Experimental results on an enterprise dataset and a benchmark dataset confirm that this approach yields significantly improved recall and false positive rates compared with conventional oversampling techniques, suggesting its potential for more effective and efficient AI-assisted security operations.

Keywords