Authors: Jonathan Oliver, Raghav Batta, Adam Bates, Muhammad Adil Inam, Shelly Mehta, Shugao Xia
Published on: May 07, 2024
Impact Score: 8.2
arXiv code: arXiv:2405.04691
Summary
- What is new: A new statistical-learning-based system, named Carbon Filter, that efficiently identifies and separates false alerts from genuinely suspicious behaviours in SOC environments.
- Why this is important: Security analysts are overwhelmed by false alerts from endpoint detection products, wasting time that could be spent on real threats.
- What the research proposes: A fast-search-algorithm-based approach that examines the process initiation context of each alert, scaling to efficiently review millions of alerts per day.
- Results: Achieved a 6-fold improvement in the signal-to-noise ratio of alert handling without affecting alert triage performance, processing up to 20 million alerts per hour.
Technical Details
Technological frameworks used: Statistical learning
Models used: Fast-search algorithms for training and inference
Data used: Tens of millions of alerts from customer deployments
Potential Impact
Security Operations Centers (SOCs), endpoint detection product companies, and cybersecurity service providers could benefit or face disruption.
Want to implement this idea in a business?
We have generated a startup concept here: AlertSift.