生成式人工智能赋能网络安全运营降噪能力研究

doi:10.12267/j.issn.2096-5931.2024.08.004

信息通信技术与政策 ›› 2024, Vol. 50 ›› Issue (8): 24-31.doi: 10.12267/j.issn.2096-5931.2024.08.004

生成式人工智能赋能网络安全运营降噪能力研究

Research on generative artificial intelligence empowering cybersecurity operations with noise reduction capability

孟楠, 周成胜, 赵勋

中国信息通信研究院安全研究所,北京 100191

收稿日期:2024-07-11 出版日期:2024-08-25 发布日期:2024-09-29
通讯作者: 周成胜，中国信息通信研究院安全研究所网络安全联创中心副主任、高级工程师,主要研究方向为网络安全、工业互联网安全、车联网安全、人工智能赋能网络安全、网络安全大数据等
作者简介:
孟楠, 中国信息通信研究院安全研究所副所长,高级工程师,主要研究方向为网络和数据安全、ICT新技术安全领域科研和技术创新、政策和标准制定工作等
赵勋, 中国信息通信研究院安全研究所网络安全联创中心工程师,主要研究方向为网络安全、密码技术、人工智能赋能网络安全、网络安全大数据等

MENG Nan, ZHOU Chengsheng, ZHAO Xun

Security Research Institute, China Academy of Information and Communications Technology, Beijing 100191, China

Received:2024-07-11 Online:2024-08-25 Published:2024-09-29

摘要/Abstract

摘要：

在数字化时代背景下,网络安全面临的挑战日益增加,告警疲劳问题突出,传统的告警处理方法因难以区分真假威胁而效率低下。通过采用生成式人工智能(Artificial Intelligence, AI)技术,不仅能更准确地识别安全威胁、减少误报,还能提高安全事件处理的效率。此外,AI的数据分析能力也有助于安全团队更有效应对复杂安全事件,提升网络安全运营水平。AI技术在实际应用中面临准确度和可解释性挑战,通过引入大型语言模型代理(Large Language Model Agent,LLM Agent)降噪系统,集成大小模型的能力,结合告警态势感知和知识库数据,能进一步提高降噪的准确率,实现告警降噪的高效处理。

关键词: 生成式人工智能, 告警降噪, 大型语言模型代理, 告警疲劳

Abstract:

Against the backdrop of the digital age, the challenges faced by cybersecurity are increasing, with alarm fatigue becoming a prominent issue. Traditional alarm handling methods suffer from low efficiency due to their inability to effectively distinguish between real and false threats. The adoption of generative artificial intelligence (AI) technology not only allows for more accurate identification of security threats and reduction in false alarms but also enhances the efficiency of handling security events. Moreover, AI’s capability in data analysis aids security teams in more effectively addressing complex security incidents, thereby improving the overall level of network security. Despite the challenges of accuracy and interpretability faced by AI technology in practical applications, the introduction of the LLM agent noise reduction system, which integrates the capabilities of both large and small models, combined with alert situation awareness and knowledge database data, can achieve efficient alarm processing.

Key words: generative artificial intelligence, alarm noise reduction, LLM agent, alarm fatigue

中图分类号:

孟楠, 周成胜, 赵勋. 生成式人工智能赋能网络安全运营降噪能力研究[J]. 信息通信技术与政策, 2024, 50(8): 24-31.

MENG Nan, ZHOU Chengsheng, ZHAO Xun. Research on generative artificial intelligence empowering cybersecurity operations with noise reduction capability[J]. Information and Communications Technology and Policy, 2024, 50(8): 24-31.

导出引用管理器 EndNote|Ris|BibTeX

链接本文:

http://ictp.caict.ac.cn/CN/10.12267/j.issn.2096-5931.2024.08.004

http://ictp.caict.ac.cn/CN/Y2024/V50/I8/24

图/表 8

图1 基于真实数据的DBSCAN聚类算法在告警降噪上的应用示例

图2 微调数据集输入数据部分示例

图3 微调数据集输出数据部分示例

图4 降噪大模型研判提示词部分示例

图5 基于LLM的Agent 降噪体系架构

图6 LangChain React Agent 调度提示词模板

图7 工具预处理告警事件过程

图8 告警事件载荷向量化示例

参考文献 16

[1]	CARBONE P, KATSIFODIMOS A, EWEN S, et al. Apache flink: stream and batch processing in a single engine[J]. Data Engineering, 2015, 38(4): 28-38.
[2]	REEVES A, DELFABBRO P, CALIC D. Encouraging employee engagement with cybersecurity: how to tackle cyber fatigue[J]. SAGE Open, 2021, 11(1): 1-18.
[3]	HASSAN W U, GUO S, LI D, et al. Nodoze: combatting threat alert fatigue with automated provenance triage[C]// Network and Distributed Systems Security Symposium. San Diego: Internet Society, 2019:1-15.
[4]	AMINANTO M E, ZHU L, BAN T, et al. Combating threat-alert fatigue with online anomaly detection using isolation forest[C]// Neural Information Processing:26th International Conference, ICONIP 2019. Sydney: Springer International Publishing, 2019: 756-765.
[5]	MOSKAL S, YANG S J, KUHL M E, et al. Extracting and evaluating similar and unique cyber attack strategies from intrusion alerts[C]// 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). Miami: IEEE Press, 2018: 49-54.
[6]	RIEBE T, WIRTH T, BAYER M, et al. Cysecalert: an alert generation system for cyber security events using open source intelligence data[J]. Springer Link, 2021:429-446.
[7]	SHON H G, LEE Y, YOON M. Semi-supervised alert filtering for network security[J]. Electronics, 2023, 12(23): 4755.
[8]	YANG A Y, XIAO B, WANG B N, et al. Baichuan 2: open large-scale language models[J]. arXiv Preprint, arXiv: 2309.10305, 2023.
[9]	BROWN T B, MANN B, Ryder N, et al. Language models are few-shot learners[J]. arXiv Preprint, arXiv: 2005.14165v4, 2020.
[10]	ZHAO A, HUANG D, XU Q, et al. ExpeL: LLM agents are experiential learners[J]. arXiv Preprint, arXiv: 2308.10144, 2023.
[11]	CHASE H. LangChain[EB/OL]. (2022-10-17)[2024-07-11]. https://github.com/langchain-ai/langchain.
[12]	YAO S Y, ZHAO J, YU D, et al. ReAct: synergizing reasoning and acting in language models[J]. arXiv Preprint, arXiv: 2210.03629, 2022.
[13]	SHINN N, LABASH B, GOPINATH A. Reflexion: an autonomous agent with dynamic memory and self-reflection[J]. arXiv Preprint, arXiv:2303.11366, 2023.
[14]	ROUMELIOTIS K I, TSELIKAS N D. ChatGPT and Open-AI models: a preliminary review[J]. Future Internet, 2023, 15(6): 192.
[15]	RAM P, GRAY A G. Maximum inner-product search using cone trees[C]// Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM Press, 2012: 931-939.
[16]	DASGUPTA A, KUMAR R, SARLÓS T. Fast locality-sensitive hashing[C]// Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM Press, 2011: 1073-1081.

编辑推荐

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	9	0	0	42

来源	本网站	其他网站

次数	49	2
比例	96%	4%

摘要

150

最新录用	在线预览	正式出版

0	0	150

	来源	本网站

	次数	150
	比例	100%

生成式人工智能赋能网络安全运营降噪能力研究

Research on generative artificial intelligence empowering cybersecurity operations with noise reduction capability

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 16

相关文章 3

编辑推荐

Metrics

本文评价

[1]	董耀聪, 张倩, 李宝强, 李艺, 董悦. 基于生成式人工智能的工业互联网安全技术与应用研究[J]. 信息通信技术与政策, 2024, 50(8): 32-37.
[2]	武林娜, 宋恺, 王淞鹤. 生成式人工智能对个人信息安全的挑战及应对策略[J]. 信息通信技术与政策, 2024, 50(1): 13-18.
[3]	宋恺, 屈蕾蕾, 杨萌科. 生成式人工智能的治理策略研究[J]. 信息通信技术与政策, 2023, 49(7): 83-88.