Machine Learning–Based Security Alert Screening with Focal Loss
- Resource Type
- Conference
- Authors
- Ndichu, Samuel; Ban, Tao; Takahashi, Takeshi; Inoue, Daisuke
- Source
- 2023 IEEE International Conference on Big Data (BigData), pp. 3043-3052, Dec 2023
- Subject
- Bioengineering; Computing and Processing; Geoscience; Robotics and Control Systems; Signal Processing and Analysis; Training; Adaptation models; Machine learning; Big Data; Fatigue; Threat assessment; Data models; Class imbalance; alert screening; alert fatigue; threat alert analysis; machine learning
- Language
Managing a constant stream of security alerts is challenging for cybersecurity teams. Traditional rule-based systems struggle to distinguish real threats from false alarms, which can overwhelm analysts. A significant difficulty is the scarcity of actual attacks compared to non-threats in the alert data. This paper presents a novel machine learning method that incorporates the focal loss (FL) function to address this imbalance in alert datasets. Our system employs a machine learning model trained on daily security alert data that is updated frequently for faster threat detection. The model learns to identify genuine threats while minimizing false alarms. We use the FL function to tackle dataset imbalance by giving more weight to challenging samples. Experiments on real-world datasets show that our approach outperforms existing methods. The FL function improves alert prioritization and thereby reduces analyst fatigue. The method achieved a 0% false positive rate and high recall rates, demonstrating its potential for security alert screening. Our proposed method advances cybersecurity by reducing false alarms and enhancing threat detection. It also makes better use of security resources and contributes to more robust cybersecurity in an interconnected digital world.
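The abstract's central claim, that focal loss shifts the training signal toward the rare, hard samples, can be seen directly on a constructed batch. The following is an added example, not the paper's code; it uses the binary focal loss as defined by Lin et al. (2017), and the batch composition, scores, gamma and alpha values are assumptions chosen for illustration.

```python
# Added example (not from the paper): binary focal loss FL(p_t) = -alpha_t * (1 - p_t)**gamma * log(p_t)
# (Lin et al., 2017) versus plain cross-entropy on a constructed, heavily imbalanced alert batch.
import numpy as np

def binary_cross_entropy(p, y, eps=1e-7):
    """Per-sample cross-entropy; p = predicted threat probability, y = label (1 = true threat)."""
    p = np.clip(p, eps, 1 - eps)
    return -(y * np.log(p) + (1 - y) * np.log(1 - p))

def focal_loss(p, y, gamma=2.0, alpha=0.5, eps=1e-7):
    """Per-sample binary focal loss.
    p_t is the probability the model assigns to the correct class; the factor (1 - p_t)**gamma
    shrinks the loss of confidently-correct ("easy") samples, so hard samples dominate the total.
    alpha re-weights the positive (threat) class; 0.5 means no class re-weighting (assumed here)."""
    p = np.clip(p, eps, 1 - eps)
    p_t = np.where(y == 1, p, 1 - p)
    alpha_t = np.where(y == 1, alpha, 1 - alpha)
    return -alpha_t * (1 - p_t) ** gamma * np.log(p_t)

def make_batch(n_benign=1000, benign_score=0.05, threat_score=0.40):
    """Constructed batch: n_benign benign alerts the model already rejects confidently
    ("easy negatives") plus one real threat it scores weakly ("hard positive")."""
    y = np.zeros(n_benign + 1, dtype=int)
    y[-1] = 1
    p = np.full(n_benign + 1, benign_score)
    p[-1] = threat_score
    return p, y

def threat_share(loss_fn, p, y):
    """Fraction of the batch's total loss (and hence of its gradient signal)
    contributed by the true threats."""
    losses = loss_fn(p, y)
    return float(losses[y == 1].sum() / losses.sum())

if __name__ == "__main__":
    p, y = make_batch()
    # With cross-entropy the 1000 easy negatives swamp the single threat (~1.8% of the loss);
    # with focal loss (gamma=2) the threat carries ~72% of the loss.
    print(f"cross-entropy: threat share of loss = {threat_share(binary_cross_entropy, p, y):.3f}")
    print(f"focal loss   : threat share of loss = {threat_share(focal_loss, p, y):.3f}")
```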