AI/ML Models for Mitigating False Positives in Large-Scale Security Alert Systems
Keywords: false positives, supervised learning

Abstract
Security alerting systems in large enterprises must suppress false positives, which degrade SOC performance. This work addresses the problem with AI/ML. Chronicle Security AI and Datadog have influenced SOC research. Random Forests, Gradient Boosting Machines (GBMs), and Deep Neural Networks (DNNs) reduce false positives and improve threat identification in high-volume security environments. False positives affect analyst fatigue, resource allocation, and response prioritisation. Models are trained for alert filtering and classification. DNNs can learn complex patterns and correlations in multidimensional alert data, whereas ensemble learning combines weak learners into strong predictive models.
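As an added illustration of the ensemble idea in the abstract (this is example code, not the paper's models or data), the block below boosts one-feature decision stumps into a weighted vote and measures both the false-positive rate and the recall on a constructed alert set; the feature names (events per hour, distinct destination ports, internal source) and the labels are assumptions made for the example.

```python
import math
# Constructed alerts (assumption, not from the paper): [events_per_hour, distinct_dst_ports, src_is_internal], label 1 = confirmed true positive, 0 = false positive
ALERTS = [([50, 1, 1], 0), ([3, 1, 1], 0), ([2, 30, 1], 0), ([5, 2, 1], 0), ([4, 1, 0], 0),
          ([60, 2, 1], 0), ([1, 25, 1], 0), ([2, 1, 0], 0), ([45, 28, 0], 1), ([55, 20, 1], 1),
          ([30, 35, 0], 1), ([70, 3, 0], 1), ([6, 40, 0], 1), ([80, 22, 1], 1)]

def stump_predict(stump, x):
    feat, thr, flip = stump
    pred = 1 if x[feat] > thr else -1                 # weak learner: +1 = escalate, -1 = suppress
    return -pred if flip else pred                    # flip inverts the rule (escalate when <= thr)

def best_stump(xs, ys, w):
    """Choose the one-feature threshold rule with the lowest weighted training error."""
    best, best_err = None, float("inf")
    for feat in range(len(xs[0])):
        vals = sorted(set(x[feat] for x in xs))
        for lo, hi in zip(vals, vals[1:]):            # thresholds halfway between observed values
            for flip in (False, True):
                s = (feat, (lo + hi) / 2, flip)
                err = sum(wi for x, y, wi in zip(xs, ys, w) if stump_predict(s, x) != y)
                if err < best_err:
                    best, best_err = s, err
    return best, best_err

def train_adaboost(alerts, rounds=3):
    """AdaBoost: reweight misclassified alerts so each new stump focuses on them."""
    xs, ys = [x for x, _ in alerts], [1 if y else -1 for _, y in alerts]
    w = [1.0 / len(xs)] * len(xs)
    model = []
    for _ in range(rounds):
        s, err = best_stump(xs, ys, w)
        if err >= 0.5:                                # no better than chance: stop boosting
            break
        alpha = 0.5 * math.log((1 - err) / max(err, 1e-12))
        model.append((alpha, s))
        w = [wi * math.exp(-alpha * y * stump_predict(s, x)) for x, y, wi in zip(xs, ys, w)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def predict(model, x):
    """1 = escalate to an analyst, 0 = suppress as a likely false positive."""
    return 1 if sum(a * stump_predict(s, x) for a, s in model) > 0 else 0

def evaluate(model, alerts):
    """(false-positive rate, recall): cutting noise must not hide true positives."""
    fp = sum(1 for x, y in alerts if y == 0 and predict(model, x) == 1)
    tp = sum(1 for x, y in alerts if y == 1 and predict(model, x) == 1)
    neg = sum(1 for _, y in alerts if y == 0)
    return fp / neg, tp / (len(alerts) - neg)
```

No single stump separates the constructed set (a backup job and an internal scanner look like attacks on one feature each), but three boosted stumps do; in practice the recall figure from `evaluate` is the one to watch, since a filter that quietly drops true positives is worse than the noise it removes.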
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.