Research on generative artificial intelligence empowering cybersecurity operations with noise reduction capability

doi:10.12267/j.issn.2096-5931.2024.08.004

Abstract

Abstract:

Against the backdrop of the digital age, the challenges faced by cybersecurity are increasing, with alarm fatigue becoming a prominent issue. Traditional alarm handling methods suffer from low efficiency due to their inability to effectively distinguish between real and false threats. The adoption of generative artificial intelligence (AI) technology not only allows for more accurate identification of security threats and reduction in false alarms but also enhances the efficiency of handling security events. Moreover, AI’s capability in data analysis aids security teams in more effectively addressing complex security incidents, thereby improving the overall level of network security. Despite the challenges of accuracy and interpretability faced by AI technology in practical applications, the introduction of the LLM agent noise reduction system, which integrates the capabilities of both large and small models, combined with alert situation awareness and knowledge database data, can achieve efficient alarm processing.

Key words: generative artificial intelligence, alarm noise reduction, LLM agent, alarm fatigue

CLC Number:

MENG Nan, ZHOU Chengsheng, ZHAO Xun. Research on generative artificial intelligence empowering cybersecurity operations with noise reduction capability[J]. Information and Communications Technology and Policy, 2024, 50(8): 24-31.

Add to citation manager EndNote|Ris|BibTeX

URL:

http://ictp.caict.ac.cn/EN/10.12267/j.issn.2096-5931.2024.08.004

http://ictp.caict.ac.cn/EN/Y2024/V50/I8/24

Figures/Tables 8

References 16

[1]	CARBONE P, KATSIFODIMOS A, EWEN S, et al. Apache flink: stream and batch processing in a single engine[J]. Data Engineering, 2015, 38(4): 28-38.
[2]	REEVES A, DELFABBRO P, CALIC D. Encouraging employee engagement with cybersecurity: how to tackle cyber fatigue[J]. SAGE Open, 2021, 11(1): 1-18.
[3]	HASSAN W U, GUO S, LI D, et al. Nodoze: combatting threat alert fatigue with automated provenance triage[C]// Network and Distributed Systems Security Symposium. San Diego: Internet Society, 2019:1-15.
[4]	AMINANTO M E, ZHU L, BAN T, et al. Combating threat-alert fatigue with online anomaly detection using isolation forest[C]// Neural Information Processing:26th International Conference, ICONIP 2019. Sydney: Springer International Publishing, 2019: 756-765.
[5]	MOSKAL S, YANG S J, KUHL M E, et al. Extracting and evaluating similar and unique cyber attack strategies from intrusion alerts[C]// 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). Miami: IEEE Press, 2018: 49-54.
[6]	RIEBE T, WIRTH T, BAYER M, et al. Cysecalert: an alert generation system for cyber security events using open source intelligence data[J]. Springer Link, 2021:429-446.
[7]	SHON H G, LEE Y, YOON M. Semi-supervised alert filtering for network security[J]. Electronics, 2023, 12(23): 4755.
[8]	YANG A Y, XIAO B, WANG B N, et al. Baichuan 2: open large-scale language models[J]. arXiv Preprint, arXiv: 2309.10305, 2023.
[9]	BROWN T B, MANN B, Ryder N, et al. Language models are few-shot learners[J]. arXiv Preprint, arXiv: 2005.14165v4, 2020.
[10]	ZHAO A, HUANG D, XU Q, et al. ExpeL: LLM agents are experiential learners[J]. arXiv Preprint, arXiv: 2308.10144, 2023.
[11]	CHASE H. LangChain[EB/OL]. (2022-10-17)[2024-07-11]. https://github.com/langchain-ai/langchain.
[12]	YAO S Y, ZHAO J, YU D, et al. ReAct: synergizing reasoning and acting in language models[J]. arXiv Preprint, arXiv: 2210.03629, 2022.
[13]	SHINN N, LABASH B, GOPINATH A. Reflexion: an autonomous agent with dynamic memory and self-reflection[J]. arXiv Preprint, arXiv:2303.11366, 2023.
[14]	ROUMELIOTIS K I, TSELIKAS N D. ChatGPT and Open-AI models: a preliminary review[J]. Future Internet, 2023, 15(6): 192.
[15]	RAM P, GRAY A G. Maximum inner-product search using cone trees[C]// Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM Press, 2012: 931-939.
[16]	DASGUPTA A, KUMAR R, SARLÓS T. Fast locality-sensitive hashing[C]// Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM Press, 2011: 1073-1081.