Awalin Sopan, Matthew Berninger, Murali Mulakaluri, Raj Katakam
{"title":"Building a Machine Learning Model for the SOC, by the Input from the SOC, and Analyzing it for the SOC","authors":"Awalin Sopan, Matthew Berninger, Murali Mulakaluri, Raj Katakam","doi":"10.1109/VIZSEC.2018.8709231","DOIUrl":null,"url":null,"abstract":"This work demonstrates an ongoing effort to employ and explain machine learning model predictions for classifying alerts in Security Operations Centers (SOC). Our ultimate goal is to reduce analyst workload by automating the process of decision making for investigating alerts using the machine learning model in cases where we can completely trust the model. This way, SOC analysts will be able to focus their time and effort to investigate more complex cases of security alerts. To achieve this goal, we developed a system that shows the prediction for an alert and the prediction explanation to security analysts during their daily workflow of investigating individual security alerts. Another part of our system presents the aggregated model analytics to the managers and stakeholders to help them understand the model and decide, on when to trust the model and let the model make the final decision. Using our prediction explanation visualization, security analysts will be able to classify oncoming alerts more efficiently and gain insight into how a machine learning model generates predictions. Our model performance analysis dashboard helps decision makers analyze the model in signature level granularity and gain more insights about the model.","PeriodicalId":412565,"journal":{"name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VIZSEC.2018.8709231","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 17
Abstract
This work demonstrates an ongoing effort to employ and explain machine learning model predictions for classifying alerts in Security Operations Centers (SOC). Our ultimate goal is to reduce analyst workload by automating the process of decision making for investigating alerts using the machine learning model in cases where we can completely trust the model. This way, SOC analysts will be able to focus their time and effort to investigate more complex cases of security alerts. To achieve this goal, we developed a system that shows the prediction for an alert and the prediction explanation to security analysts during their daily workflow of investigating individual security alerts. Another part of our system presents the aggregated model analytics to the managers and stakeholders to help them understand the model and decide, on when to trust the model and let the model make the final decision. Using our prediction explanation visualization, security analysts will be able to classify oncoming alerts more efficiently and gain insight into how a machine learning model generates predictions. Our model performance analysis dashboard helps decision makers analyze the model in signature level granularity and gain more insights about the model.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
